
List:       oss-security
Subject:    [oss-security] [Fwd: [Pdns-announce] security advisories for Authoritative 4.3.1, 4.2.3, 4.1.14]
From:       Peter van Dijk <peter.van.dijk () powerdns ! com>
Date:       2020-09-22 20:34:23
Message-ID: 9b808b6d273b88bb2db281f8bea6b6920369242f.camel () powerdns ! com


-------- Forwarded Message --------
From: Peter van Dijk via Pdns-announce <pdns-announce@mailman.powerdns.com>
Reply-To: Peter van Dijk <peter.van.dijk@powerdns.com>
To: pdns-announce@mailman.powerdns.com, pdns-dev@mailman.powerdns.com, 
pdns-users@mailman.powerdns.com
Subject: [Pdns-announce] security advisories for Authoritative 4.3.1, 
4.2.3, 4.1.14
Date: Tue, 22 Sep 2020 21:48:04 +0200

Hello,

Today we have released PowerDNS Authoritative Server versions 4.3.1, 4.2.3 and 4.1.14,
containing a fix for PowerDNS Security Advisory 2020-05 [1].

Additionally, we are publishing PowerDNS Security Advisory 2020-06 [2] today ('Various issues
have been found in our GSS-TSIG support, where an unauthorized attacker could cause crashes,
possibly leak uninitialised memory, and possibly execute arbitrary code.'). Our GSS-TSIG
support was never shipped in any packages by us or, to our knowledge, any other distributions.
The GSS-TSIG code will be gone in version 4.4.0. We've chosen to leave the code intact for
older versions, so that users that do rely on it today can keep doing so, keeping in mind the
risks detailed in Advisory 2020-06.

Regarding 2020-05: An issue has been found in PowerDNS Authoritative Server where an authorized
user with the ability to insert crafted records into a zone might be able to leak the content
of uninitialized memory. Such a user could be a customer inserting data via a control panel, or
somebody with access to the REST API. Crafted records cannot be inserted via AXFR. This issue
is resolved in the versions mentioned above. (4.1.14 changelog [3], 4.2.3 changelog [4])

Version 4.3.2 also contains various other bug fixes and improvements; please see the changelog
[5] for all details.

Tarballs and signatures are available at https://downloads.powerdns.com/releases/

Packages for various Linux distributions are available from our repository at
https://repo.powerdns.com/

4.0 and older releases are EOL; refer to the documentation for details about our release
cycles.

Please send us all feedback and issues you might have via the mailing list or our IRC channel,
or in case of a bug, via GitHub.

1: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
2: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html
3: https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.14
4: https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.2.3
5: https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.3.1

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
_______________________________________________
Pdns-announce mailing list
Pdns-announce@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-announce

