[Pdns-users] PowerDNS Authoritative Server 2.9.21.2 Security Upgrade
Ton van Rosmalen
ton at netbase.nl
Tue Nov 18 14:10:27 UTC 2008
Hi Bert,
Is the patch also integrated in the snapshot 1293 (or up)?
Regards,
Ton
bert hubert schreef:
> Authoritative Server version 2.9.21.2
>
> Released on the 18th of November 2008.
>
> Downloadable from:
> http://downloads.powerdns.com/releases/pdns-2.9.21.2.tar.gz
> http://downloads.powerdns.com/releases/deb/stable/pdns-static_2.9.21.2-1_i386.deb
> http://downloads.powerdns.com/releases/rpm/pdns-static-2.9.21.2-1.i386.rpm
>
> This release consists of a single patch to PowerDNS Authoritative Server
> version 2.9.21.1. In some configurations, notably with configuration option
> 'distributor-threads=1', the PowerDNS Authoritative Server crashes easily in
> some error conditions.
>
> All users are urged to upgrade. Even though PowerDNS restarts itself on
> encountering such error conditions, and even though most PowerDNS
> configurations do not run in single threaded mode, an upgrade is
> recommended.
>
> More detauls:
>
> Daniel Drown discovered that his PowerDNS 2.9.21.1 installation crashed on
> receiving a HINFO CH query. In his enthousiasm, he shared his discovery with
> the world, forcing a rapid over the weekend release cycle.
>
> While we thank Daniel for his discovery, please study our security policy as
> outlined in http://doc.powerdns.com/security-policy.html before making
> vulnerabilities public.
>
> It is believed that this issue only impacts PowerDNS Authoritative Servers
> operating with 'distributor-threads=1', but even on other configurations a
> database reconnect occurs on receiving a CH HINFO query.
>
>
>
More information about the Pdns-users
mailing list