[Pdns-users] Attack scope clarification, Ubuntu PowerDNS Recursor Updates + need to restart
allied internet ag- Stefan Priebe
s.priebe at allied-internet.ag
Sat Jan 9 12:11:48 UTC 2010
What is about debian - there doesn't seem to be any updates at all... :-(
bert hubert schrieb:
> Dear PowerDNS Users,
> Three important updates:
> 1) To clarify, *ALL* PowerDNS Recursor installations are vulnerable to
> attack, even if you only provide service to trusted users! There is an
> attack vector through malicious authoritative servers.
> 2) A reminder, some PowerDNS Packages do not automatically restart the
> PowerDNS Recursor when an upgrade is installed. To be on the safe side,
> restart your recursor manually.
> 3) I'm happy to report that, contrary to initial indications, Ubuntu has in
> fact updated the PowerDNS Recursor for their recent distributions, and will
> be addressing their older versions too once we get round to shipping the
> patch to 3.1.4.
> Many thanks to Imre Gergely, who mangled the patches for Ubuntu.
> On Wed, Jan 06, 2010 at 04:19:56PM +0100, bert hubert wrote:
>> The correct links to the .deb packages are:
>> Special 'upgrade option of last resort' (old systems)
>> In addition, as a special service, we are also providing two precompiled
>> fully static Linux binaries as an 'upgrade option of last resort':
>> These two binaries are suitable of our .deb or .rpm files somehow refuse to
>> load (which happens on RHEL version 3, for example).
>> Download the appropriate executable, rename to pdns_recursor, set the
>> executable bit (chmod a+x pdns_recursor), and 'mv' the executable over
>> On Wed, Jan 06, 2010 at 04:11:09PM +0100, bert hubert wrote:
>>> Dear PowerDNS Users,
>>> Two major vulnerabilities have recently been discovered in the PowerDNS
>>> Recursor (all versions up to and including 220.127.116.11). Over the past two
>>> weeks, these vulnerabilities have been addressed, resulting in PowerDNS
>>> Recursor 18.104.22.168.
>>> Given the nature and magnitude of these vulnerabilities, ALL PowerDNS
>>> RECURSOR USERS ARE URGED TO UPGRADE AT THEIR EARLIEST CONVENIENCE. No
>>> versions of the PowerDNS Authoritative Server are affected.
>>> PowerDNS Recursor 22.214.171.124 as been thoroughly tested, and has in fact been in
>>> production for a week at some major sites already. No problems have been
>>> reported. 126.96.36.199 does not include anything other than security updates.
>>> The two major vulnerabilities can lead to a FULL SYSTEM COMPROMISE, as well
>>> as cache poisoning, connecting your users to possibly malicious IP addresses.
>>> These vulnerabilities were discovered by a third party that for now prefers
>>> not to be named. PowerDNS is however very grateful for their help. More
>>> details are available on:
>>> Debian, FreeBSD, Gentoo and SuSE are processing the changed packages, and
>>> will be releasing security updates shortly. Ubuntu does not provide security
>>> updates for PowerDNS, so Ubuntu users must take immediate action and
>>> download our packages.
>>> RHEL4/5, CentOS packages are available (care of Kees Monshouwer) here:
>>> Updated packages for .deb based systems are available here:
>>> Updated packages for .rpm based systems are available here:
>>> Source code is available here:
>>> If you need any help in upgrading, please do not hesitate to contact us.
>>> Kind regards,
>>> Bert Hubert
>> Pdns-announce mailing list
>> Pdns-announce at mailman.powerdns.com
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
More information about the Pdns-users