[Pdns-users] Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 18.104.22.168
bert.hubert at netherlabs.nl
Wed Jan 6 15:11:09 UTC 2010
Dear PowerDNS Users,

Two major vulnerabilities have recently been discovered in the PowerDNS
Recursor (all versions up to and including 22.214.171.124). Over the past two
weeks, these vulnerabilities have been addressed, resulting in PowerDNS

Given the nature and magnitude of these vulnerabilities, ALL PowerDNS
RECURSOR USERS ARE URGED TO UPGRADE AT THEIR EARLIEST CONVENIENCE. No
versions of the PowerDNS Authoritative Server are affected.

PowerDNS Recursor 126.96.36.199 has been thoroughly tested, and has in fact been in
production for a week at some major sites already. No problems have been
reported. 188.8.131.52 does not include anything other than security updates.

The two major vulnerabilities can lead to a FULL SYSTEM COMPROMISE, as well
as cache poisoning, connecting your users to possibly malicious IP addresses.

These vulnerabilities were discovered by a third party that for now prefers
not to be named. PowerDNS is however very grateful for their help. More
details are available on:

Debian, FreeBSD, Gentoo and SuSE are processing the changed packages, and
will be releasing security updates shortly. Ubuntu does not provide security
updates for PowerDNS, so Ubuntu users must take immediate action and
download our packages.

RHEL4/5, CentOS packages are available (care of Kees Monshouwer) here:

Updated packages for .deb based systems are available here:

Updated packages for .rpm based systems are available here:

Source code is available here:

If you need any help in upgrading, please do not hesitate to contact us.