Hello everyone, We're happy to release PowerDNS Authoritative Server 4.0.5 and Recursor 4.0.7 which contain a lot of backports from the 4.1.x branch. These releases also drop support for Botan 1.10 in favor of Botan 2.x.
More importantly there are fixes for the following security advisories: - Authoritative Server - PowerDNS Security Advisory 2017-04[1]: Missing check on API operations (CVE-2017-15091) - Recursor - PowerDNS Security Advisory 2017-03[2]: Insufficient validation of DNSSEC signatures (CVE-2017-15090) - PowerDNS Security Advisory 2017-05[3]: Cross-Site Scripting in the web interface (CVE-2017-15092) - PowerDNS Security Advisory 2017-06[4]: Configuration file injection in the API (CVE-2017-15093) - PowerDNS Security Advisory 2017-07[5]: Memory leak in DNSSEC parsing (CVE-2017-15094) (We thank Nixu for their discoveries of CVE-2017-15092, CVE-2017-15093 and CVE-2017-15094.) The full changelogs are available at: - https://doc.powerdns.com/authoritative/changelog/4.0.html#powerdns-authoritative-server-4-0-5 (authoritative server) - https://doc.powerdns.com/recursor/changelog/4.0.html#powerdns-recursor-4-0-7 (recursor) The tarballs are available on downloads.powerdns.com[6] (signature[7]) for the authoritative server and for the recursor on downloads.powerdns.com[8] (signature[9]) and packages for CentOS 6 and 7, Debian Jessie and Stretch, Ubuntu Artful, Trusty, Xenial and Zesty are available from https://repo.powerdns.com. Please send us all feedback and issues you might have via the mailinglist, or in case of a bug, via GitHub[10]. 1 - https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html 2 - https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html 3 - https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html 4 - https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html 5 - https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html 6 - https://downloads.powerdns.com/releases/pdns-4.0.5.tar.bz2 7 - https://downloads.powerdns.com/releases/pdns-4.0.5.tar.bz2.sig 8 - https://downloads.powerdns.com/releases/pdns-recursor-4.0.7.tar.bz2 9 - https://downloads.powerdns.com/releases/pdns-recursor-4.0.7.tar.bz2.sig 10 - https://github.com/PowerDNS/pdns/issues/new -- Erik Winkels PowerDNS.COM BV -- https://www.powerdns.com
signature.asc
Description: PGP signature
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
