[Pdns-users] [EXT] Re: [Pdns-announce] PowerDNS Recursor 4.3.1, 4.2.2. and 4.1.16 released fixing multiple vulnerabilities
otto.moerbeek at open-xchange.com
Wed May 20 10:52:11 UTC 2020
On 2020-05-20 12:35, Kevin P. Fleming wrote:
> The new packages aren't available for Raspbian yet; would someone
> check the build systems for Raspbian? Thanks.
The builds are slow, the packages should become available soon.
> On Tue, May 19, 2020 at 4:58 AM Otto Moerbeek via Pdns-announce
> <pdns-announce at mailman.powerdns.com> wrote:
>> Today we are releasing PowerDNS Recursor 4.3.1, 4.2.2 and 4.1.16,
>> containing security fixes for three CVEs:
>> - CVE-2020-10995
>> - CVE-2020-12244
>> - CVE-2020-10030
>> The issues are:
>> CVE-2020-10995: An issue in the DNS protocol has been found that allows
>> malicious parties to use recursive DNS services to attack third party
>> authoritative name servers. Severity is medium. We would like to thank
>> Lior Shafir, Yehuda Afek and Anat Bremler-Barr for finding and
>> subsequently reporting this issue!
>> CVE-2020-12244: Records in the answer section of a NXDOMAIN response
>> lacking an SOA were not properly validated. Severity is medium. We would
>> like to thank Matt Nordhoff for finding and subsequently reporting this
>> CVE-2020-10030: An attacker with enough privileges to change the
>> hostname might be able to disclose uninitialized memory. This issue also
>> affects the Authoritative Server and dnsdist; since the attack requires
>> very high privileges and the issue does not affect Linux, we will not be
>> releasing new versions for those just for this issue. Severity is low.
>> As usual, there were also other smaller enhancements and bugfixes.
>> Please refer to the 4.3.1 changelog, 4.2.2 changelog and 4.1.16
>> changelog for details.
>> The 4.3.1 tarball (signature), 4.2.2 tarball (signature)
>> and 4.1.16 tarball (signature) are available at our download
>> site and packages for CentOS 6, 7 and 8, Debian Stretch and Buster,
>> Ubuntu Xenial and Bionic are available from our repository.
>> Note that the 4.1 packages will be published later today.
>> 4.0 and older releases are EOL, refer to the documentation for
>> details about our release cycles.
>> Please send us all feedback and issues you might have via the mailing
>> list, or in case of a bug, via GitHub.
>>  https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.1
>>  https://doc.powerdns.com/recursor/changelog/4.2.html#change-4.2.2
>>  https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.16
>>  https://downloads.powerdns.com/releases/pdns-recursor-4.3.1.tar.bz2
>>  https://downloads.powerdns.com/releases/pdns-recursor-4.3.1.tar.bz2.sig
>>  https://downloads.powerdns.com/releases/pdns-recursor-4.2.2.tar.bz2
>>  https://downloads.powerdns.com/releases/pdns-recursor-4.2.2.tar.bz2.sig
>>  https://downloads.powerdns.com/releases/pdns-recursor-4.1.16.tar.bz2
>>  https://downloads.powerdns.com/releases
>>  https://repo.powerdns.com/
>>  https://docs.powerdns.com/recursor/appendices/EOL.html
>>  https://mailman.powerdns.com/mailman/listinfo/pdns-users
>>  https://github.com/PowerDNS/pdns/issues/new/choose
>> kind regards,
>> Otto Moerbeek
>> Senior PowerDNS Developer
>> Email: otto.moerbeek at open-xchange.com
Senior PowerDNS Developer
Email: otto.moerbeek at open-xchange.com