[Pdns-users] PowerDNS Security Advisory 2012-01: Denial of Service vulnerability in most versions of the PowerDNS Authoritative Server

[Peter van Dijk]

Hello Nick,

On Jan 12, 2012, at 8:09 , Nick Milas wrote:

> On 10/1/2012 9:04 μμ, bert hubert wrote:
> 
>> Tarballs and new static builds (32/64bit, RPM/DEB) of 2.9.22.5
>> and 3.0.1 have been uploaded to our download site. Kees Monshouwer has provided
>> updated CentOS/RHEL packages in his repository.
> 
> Hello,
> 
> I haven't been able to find 2.9.22.5 binary packages (RHEL/CENTOS 5, 64bit) on any of the repos.
> 
> Could someone please provide some guidance to find these packages?

They are at http://downloads.powerdns.com/releases/rpm/, the one for you is http://downloads.powerdns.com/releases/rpm/pdns-static-2.9.22.5-1.x86_64.rpm

HOWEVER! We will be rolling 2.9.22.6 this week to fix a bug in .5 which can cause crashes when using it as an AXFR slave.

> Question: I guess this version has not included any changes in the LDAP backend (yes, I am still using it)?
> 
> If possible, it should include ONLY the proposed patch for Ticket #313, which was successfully tested:
> http://mailman.powerdns.com/pipermail/pdns-users/2010-September/007004.html
> It should NOT include any other (LDAP backend-related) fix, e.g. for Ticket #260 (= #323).

There were no LDAP changes in 2.9.22.5, and there will be no LDAP changes in 2.9.22.6.

Kind regards,
Peter van Dijk