[Pdns-announce] PowerDNS Authoritative Server 4.9.15 and 5.0.5
Miod Vallat
miod.vallat at powerdns.com
Wed May 20 13:08:12 UTC 2026
Today, we are releasing two new versions of the PowerDNS Authoritative
Server. These 4.9.15 and 5.0.5 versions provide fixes for the following
PowerDNS Security Advisory:
* [1]PowerDNS Security Advisory 2026-06: Multiple Issues
The security issues being fixed with these releases are low or
medium-severity, and most of them involve specific backends and/or
configurations. They are:
* CVE-2026-41999 (only concerns 5.0.x) When using views, queries sent
using TCP Proxy Protocol will select the view according to the
address of the proxy, rather than the address of the initial query.
This can lead to wrong data being returned.
* CVE-2026-42000 Missing escaping of special characters (such as $ or
@) in DNS names received during an AXFR operation can lead to an
incorrect (non-parseable) Bind backend configuration being written,
causing this backend to fail until a manual operation is performed to
fix the configuration.
* CVE-2026-42001 Missing sanity checks of the answer to the initial
SOA query, when running in autosecondary mode and receiving a
notification for a not-yet-known domain, may cause the server to
crash.
* CVE-2026-42002 Multiple concurrency and locking defects in the
GSS-TSIG code can lead to memory corruption due to accidental data
structure sharing, which can in turn lead to a program crash.
Moreover, the lack of bounds on the number of in-flight GSS-TSIG
contexts can lead to unbounded memory consumption in case of an
excessive number of requests at a given time. A limit of 1000
contexts is now enforced, and can be modified with the
“gss-max-contexts” parameter in server configuration.
* CVE-2026-42396 Missing proper escaping of double-quote characters
when computing labels will cause AXFR of a catalog zone with a
member whose producer group option contains such a character to
fail.
Please make sure to read the [2]Upgrade Notes before upgrading.
The tarballs ([3]4.9.15, [4]5.0.5) and their signatures ([5]4.9.15,
[6]5.0.5) are available at [7]downloads.powerdns.com. Packages for
various distributions are available from [8]repo.powerdns.com.
Please send us all feedback and issues you might have via the
[9]mailing list, or in case of a bug, via [10]GitHub.
References
1. https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html
2. https://doc.powerdns.com/authoritative/upgrading.html
3. https://downloads.powerdns.com/releases/pdns-4.9.15.tar.bz2
4. https://downloads.powerdns.com/releases/pdns-5.0.5.tar.bz2
5. https://downloads.powerdns.com/releases/pdns-4.9.15.tar.bz2.sig
6. https://downloads.powerdns.com/releases/pdns-5.0.5.tar.bz2.sig
7. https://downloads.powerdns.com/releases/
8. https://repo.powerdns.com/
9. https://mailman.powerdns.com/mailman/listinfo/pdns-users
10. https://github.com/PowerDNS/pdns/issues/new/choose
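
The view-selection flaw described for CVE-2026-41999, as an added example that is not part of the original announcement and is not PowerDNS code: a PROXY protocol v2 header is parsed and the view is chosen once from the TCP peer (the proxy) and once from the client address carried in the header. The view table, the trusted proxy list, all addresses and all function names are assumptions constructed for the illustration.

```python
import ipaddress
import struct

PP2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY protocol v2 signature
# Hypothetical network-to-view table and trusted proxy list (constructed).
VIEWS = [
    (ipaddress.ip_network("10.0.0.0/8"), "internal"),
    (ipaddress.ip_network("0.0.0.0/0"), "public"),
]
TRUSTED = [ipaddress.ip_network("10.0.0.5/32")]

def parse_proxy_v2_source(data):
    """Return the client address carried in a PROXY v2 header, or None."""
    if len(data) < 16 or data[:12] != PP2_SIG:
        return None
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY protocol version")
    if ver_cmd & 0x0F == 0:  # LOCAL command: header carries no client address
        return None
    payload = data[16:16 + length]
    if len(payload) < length:
        raise ValueError("truncated PROXY header")
    family = fam_proto >> 4
    if family == 1 and length >= 12:  # IPv4: src(4) dst(4) sport(2) dport(2)
        return ipaddress.ip_address(payload[:4])
    if family == 2 and length >= 36:  # IPv6: src(16) dst(16) sport(2) dport(2)
        return ipaddress.ip_address(payload[:16])
    return None  # AF_UNSPEC or AF_UNIX: nothing usable for view selection

def select_view(addr):
    """Longest-prefix match of an address against VIEWS."""
    matches = [(net.prefixlen, view) for net, view in VIEWS if addr in net]
    return max(matches)[1] if matches else None

def view_by_peer(peer_ip, data):
    """Behaviour described in the advisory: the proxy's address picks the view."""
    return select_view(ipaddress.ip_address(peer_ip))

def view_by_client(peer_ip, data):
    """Use the header's source address, but only when the peer is a trusted proxy."""
    peer = ipaddress.ip_address(peer_ip)
    src = parse_proxy_v2_source(data) if any(peer in n for n in TRUSTED) else None
    return select_view(src if src is not None else peer)

def sample_header():
    """Constructed header: TCP over IPv4, client 203.0.113.7 -> 192.0.2.53:53."""
    addrs = ipaddress.ip_address("203.0.113.7").packed + ipaddress.ip_address("192.0.2.53").packed
    return PP2_SIG + struct.pack("!BBH", 0x21, 0x11, 12) + addrs + struct.pack("!HH", 40000, 53)
```

With the proxy at 10.0.0.5, `view_by_peer` hands the external client the "internal" view, while `view_by_client` returns "public"; a header from a peer outside `TRUSTED` is ignored.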