Re: [Pdns-users] security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0

2021-09-18 Thread Steven Garner via Pdns-users
Ok, thanks.

Steven J Garner
+1 302 364 0325
stevenjgar...@gmail.com


On Sat, Sep 18, 2021 at 7:07 PM Kevin P. Fleming  wrote:

> On Sat, Sep 18, 2021 at 5:17 PM Steven Garner via Pdns-users
>  wrote:
> >
> > For Debian systems will apt be updated so that an upgrade from 4.4.1 to
> 4.5.1 can be picked up by apt upgrade?  Or is there a different upgrade
> path?  I don't see any reference in
> https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-5-0-or-master.
> Thanks in advance.
>
> If you are using packages from the *Debian* repositories, it's up to
> the Debian package maintainers to provide anything necessary. Since
> this issue does not affect 4.4.x, and Debian currently packages only
> 4.4.x, I doubt anything will be done. At the point where the Debian
> package maintainers put 4.5.x into the unstable/testing branches, it
> will be 4.5.1 or later.
>
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0

2021-09-18 Thread Kevin P. Fleming via Pdns-users
On Sat, Sep 18, 2021 at 5:17 PM Steven Garner via Pdns-users
 wrote:
>
> For Debian systems will apt be updated so that an upgrade from 4.4.1 to 4.5.1 
> can be picked up by apt upgrade?  Or is there a different upgrade path?  I 
> don't see any reference in 
> https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-5-0-or-master.  
> Thanks in advance.

If you are using packages from the *Debian* repositories, it's up to
the Debian package maintainers to provide anything necessary. Since
this issue does not affect 4.4.x, and Debian currently packages only
4.4.x, I doubt anything will be done. At the point where the Debian
package maintainers put 4.5.x into the unstable/testing branches, it
will be 4.5.1 or later.


Re: [Pdns-users] security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0

2021-09-18 Thread Steven Garner via Pdns-users
For Debian systems will apt be updated so that an upgrade from 4.4.1 to
4.5.1 can be picked up by apt upgrade?  Or is there a different upgrade
path?  I don't see any reference in
https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-5-0-or-master.
Thanks in advance.

Steve Garner
+1 302 364 0325
stevenjgar...@gmail.com


On Mon, Jul 26, 2021 at 7:42 AM Peter van Dijk via Pdns-users <
pdns-users@mailman.powerdns.com> wrote:

> Hello,
>
> today we have released PowerDNS Authoritative Server 4.5.1, fixing a
> remotely triggered crash present in version 4.5.0. No other versions
> are affected.
>
> Tarballs and signatures are available at
> https://downloads.powerdns.com/releases/, and a single patch is
> available at https://downloads.powerdns.com/patches/2021-01/. However,
> 4.5.1 contains no other changes.
>
> Please find the full text of the advisory below.
>
> PowerDNS Security Advisory 2021-01: Specific query crashes
> Authoritative Server
>
> -  CVE: CVE-2021-36754
> -  Date: July 26th, 2021
> -  Affects: PowerDNS Authoritative version 4.5.0
> -  Not affected: 4.4.x and below, 4.5.1
> -  Severity: High
> -  Impact: Denial of service
> -  Exploit: This problem can be triggered via a specific query packet
> -  Risk of system compromise: None
> -  Solution: Upgrade to 4.5.1, or filter queries in ``dnsdist``
>
> PowerDNS Authoritative Server 4.5.0 (and the alpha/beta/rc1/rc2
> prereleases that came before it) will crash with an uncaught out of
> bounds exception if it receives a query with QTYPE 65535. The offending
> code was not present in earlier versions, and they are not affected.
>
> Users that cannot upgrade immediately, but do have dnsdist in place,
> can use dnsdist to filter such queries before they do harm, with
> something like ``addAction(QTypeRule(65535),
> RCodeAction(DNSRCode.REFUSED))``.
>
> When the PowerDNS Authoritative Server is run inside a supervisor like
> supervisord or systemd, an uncaught exception crash will lead to an
> automatic restart, limiting the impact to a somewhat degraded service.
>
> We would like to thank Reinier Schoof and Robin Geuze of TransIP for
> noticing crashes in production, immediately letting us know, and
> helping us figure out what was happening.


[Pdns-users] security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0

2021-07-26 Thread Peter van Dijk via Pdns-users
Hello,

today we have released PowerDNS Authoritative Server 4.5.1, fixing a
remotely triggered crash present in version 4.5.0. No other versions
are affected.

Tarballs and signatures are available at 
https://downloads.powerdns.com/releases/, and a single patch is
available at https://downloads.powerdns.com/patches/2021-01/. However,
4.5.1 contains no other changes.

Please find the full text of the advisory below.

PowerDNS Security Advisory 2021-01: Specific query crashes
Authoritative Server

-  CVE: CVE-2021-36754
-  Date: July 26th, 2021
-  Affects: PowerDNS Authoritative version 4.5.0
-  Not affected: 4.4.x and below, 4.5.1
-  Severity: High
-  Impact: Denial of service
-  Exploit: This problem can be triggered via a specific query packet
-  Risk of system compromise: None
-  Solution: Upgrade to 4.5.1, or filter queries in ``dnsdist``

PowerDNS Authoritative Server 4.5.0 (and the alpha/beta/rc1/rc2
prereleases that came before it) will crash with an uncaught out of
bounds exception if it receives a query with QTYPE 65535. The offending
code was not present in earlier versions, and they are not affected.

Users that cannot upgrade immediately, but do have dnsdist in place,
can use dnsdist to filter such queries before they do harm, with
something like ``addAction(QTypeRule(65535),
RCodeAction(DNSRCode.REFUSED))``.

When the PowerDNS Authoritative Server is run inside a supervisor like
supervisord or systemd, an uncaught exception crash will lead to an
automatic restart, limiting the impact to a somewhat degraded service.

We would like to thank Reinier Schoof and Robin Geuze of TransIP for
noticing crashes in production, immediately letting us know, and
helping us figure out what was happening.
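
As an added example (not part of the original post and not PowerDNS's own tooling), the "Affects" and "Not affected" lists in the advisory can be turned into a check on a version string. The function name and the sample version strings are constructed for illustration, and versions the advisory does not name are reported as `unlisted` rather than guessed.

```shell
#!/bin/sh
# Added example: classify a PowerDNS Authoritative Server version string
# against Security Advisory 2021-01 (CVE-2021-36754) as quoted above.
# pdns_2021_01_status is a hypothetical helper name, not a PowerDNS tool.
# Prints one of: affected | not-affected | unlisted | unknown

pdns_2021_01_status() {
    v=$1
    v=${v#*:}                      # drop a packaging epoch such as "1:" if present
    case $v in
        [0-9]*.[0-9]*.[0-9]*) ;;   # need at least major.minor.patch
        *) echo unknown; return 0 ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    rest=${rest#*.}
    # Patch level is the leading run of digits; anything after it is a
    # prerelease tag or packaging revision ("-rc2", "~beta1-1", "-1", ...).
    patch=${rest%%[!0-9]*}
    for n in "$major" "$minor" "$patch"; do
        case $n in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done

    if [ "$major" -eq 4 ] && [ "$minor" -eq 5 ] && [ "$patch" -eq 0 ]; then
        # 4.5.0 and the alpha/beta/rc1/rc2 prereleases before it
        echo affected
    elif [ "$major" -eq 4 ] && [ "$minor" -eq 5 ] && [ "$patch" -eq 1 ]; then
        echo not-affected          # 4.5.1 carries the fix
    elif [ "$major" -lt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -le 4 ]; }; then
        echo not-affected          # "4.4.x and below"
    else
        echo unlisted              # not named in the advisory
    fi
}

# Constructed sample inputs covering each outcome.
for sample in 4.4.1 4.5.0 4.5.0-rc2 '4.5.0~beta1-1' 4.5.1 4.6.0 not-a-version; do
    printf '%-16s %s\n' "$sample" "$(pdns_2021_01_status "$sample")"
done
```

On a Debian system the string to pass in can be taken from `dpkg-query -W -f='${Version}' pdns-server`.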

