Hello everyone,

Today, we are releasing version 3.4.11 of the PowerDNS Authoritative Server. 
This release fixes several security issues that were reported to PowerDNS.

It concerns the following security advisories:

 * 2016-02: Crafted queries can cause abnormal CPU usage[1]
 * 2016-03: Denial of service via the web server[2]
 * 2016-04: Insufficient validation of TSIG signatures[3]
 * 2016-05: Crafted zone record can cause a denial of service[4]

For those who cannot update, minimal patches are available[5,6,7,8].

The full changelog is online[9] and reproduced here:

 * Don't parse spurious RRs in queries when we don't need them (Security 
Advisory 2016-02)
 * Don't exit if the webserver can't accept a connection (Security Advisory 
2016-03)
 * Fix TSIG computation (Security Advisory 2016-04)
 * Correctly check unknown record content size (Security Advisory 2016-05)
 * Fix a possible memory leak in the webserver
 * Lowercase the qname in getDomainInfo() and isMaster()
 * Don't look up the packet cache for TSIG-enabled queries
 * Fix a stack-based off-by-one write in the HTTP remote backend

Tarballs with sources are available (with signatures)[10,11] and we urge all 
users to upgrade to this new version.

Best regards,

The PowerDNS team.

1 - https://doc.powerdns.com/3/security/powerdns-advisory-2016-02
2 - https://doc.powerdns.com/3/security/powerdns-advisory-2016-03
3 - https://doc.powerdns.com/3/security/powerdns-advisory-2016-04
4 - https://doc.powerdns.com/3/security/powerdns-advisory-2016-05
5 - https://downloads.powerdns.com/patches/2016-02
6 - https://downloads.powerdns.com/patches/2016-03
7 - https://downloads.powerdns.com/patches/2016-04
8 - https://downloads.powerdns.com/patches/2016-05
9 - https://doc.powerdns.com/3/changelog/#powerdns-authoritative-server-3411
10 - https://downloads.powerdns.com/releases/pdns-3.4.11.tar.bz2
11 - https://downloads.powerdns.com/releases/pdns-3.4.11.tar.bz2.sig

-- 
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users