[Pdns-dev] PowerDNS Recursor 4.1.8 Released
erik.winkels at open-xchange.com
Mon Nov 26 16:03:50 UTC 2018
We’ve released PowerDNS Recursor 4.1.8.
This release fixes Security Advisory 2018-09 (https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html) that we recently discovered, affecting PowerDNS Recursor from 4.1.0 up to and including 4.1.7. PowerDNS Recursor 4.0.x and below are not affected.
The issue is that a remote attacker can trigger an out-of-bounds memory read via a crafted query, while computing the hash of the query for a packet cache lookup, possibly leading to a crash.
When the PowerDNS Recursor is run inside a supervisor like supervisord or systemd, a crash will lead to an automatic restart, limiting the impact to a somewhat degraded service.
A minimal patch is available at: https://downloads.powerdns.com/patches/2018-09/
- #7221: Crafted query can cause a denial of service (CVE-2018-16855)
The tarball (signature) is available at https://downloads.powerdns.com/releases/ and packages for CentOS 6 and 7, Debian Jessie and Stretch, Ubuntu Bionic, Trusty and Xenial are available from https://repo.powerdns.com/ .
Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.
PowerDNS.COM BV -- https://www.powerdns.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 475 bytes
Desc: not available
More information about the Pdns-dev