On 2020-05-20 12:35, Kevin P. Fleming wrote: > The new packages aren't available for Raspbian yet; would someone > check the build systems for Raspbian? Thanks.
The builds are slow, the packages should become available soon. -Otto > > On Tue, May 19, 2020 at 4:58 AM Otto Moerbeek via Pdns-announce > <pdns-annou...@mailman.powerdns.com> wrote: >> >> Hello!, >> >> Today we are releasing PowerDNS Recursor 4.3.1, 4.2.2. and 4.1.16, >> containing security fixes for three CVEs: >> >> - CVE-2020-10995[1] >> - CVE-2020-12244[2] >> - CVE-2020-10030[3] >> >> The issues are: >> >> CVE-2020-10995: An issue in the DNS protocol has been found that allows >> malicious parties to use recursive DNS services to attack third party >> authoritative name servers. Severity is medium. We would like to thank >> Lior Shafir, Yehuda Afek and Anat Bremler-Barr for finding and >> subsequently reporting this issue! >> >> CVE-2020-12244: Records in the answer section of a NXDOMAIN response >> lacking an SOA were not properly validated. Severity is medium. We would >> like to thank Matt Nordhoff for finding and subsequently reporting this >> issue! >> >> CVE-2020-10030: An attacker with enough privileges to change the >> hostname might be able to disclose uninitialized memory. This issue also >> affects the Authoritative Server and dnsdist; since the attack requires >> very high privileges and the issue does not affect Linux, we will not be >> releasing new versions for those just for this issue. Severity is low. >> >> As usual, there were also other smaller enhancements and bugfixes. >> Please refer to the 4.3.1 changelog[4], 4.2.2 changelog[5] and 4.1.16 >> changelog[6] for details. >> >> The 4.3.1 tarball[7] (signature[8]), 4.2.2 tarball[9] (signature[10]) >> and 4.1.16 tarball[11] (signature[12]) are available at our download >> site[13] and packages for CentOS 6, 7 and 8, Debian Stretch and Buster, >> Ubuntu Xenial and Bionic are available from our repository[14] >> >> Note that the 4.1 packages will be published later today. >> >> 4.0 and older releases are EOL, refer to the documentation[15] for >> details about our release cycles. >> >> Please send us all feedback and issues you might have via the mailing >> list[16], or in case of a bug, via GitHub[17]. >> >> >> [1] >> https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html >> [2] >> https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html >> [3] >> https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html >> [4] https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.1 >> [5] https://doc.powerdns.com/recursor/changelog/4.2.html#change-4.2.2 >> [6] https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.16 >> [7] https://downloads.powerdns.com/releases/pdns-recursor-4.3.1.tar.bz2 >> [8] https://downloads.powerdns.com/releases/pdns-recursor-4.3.1.tar.bz2.sig >> [9] https://downloads.powerdns.com/releases/pdns-recursor-4.2.2.tar.bz2 >> [10] https://downloads.powerdns.com/releases/pdns-recursor-4.2.2.tar.bz2.sig >> [11] https://downloads.powerdns.com/releases/pdns-recursor-4.1.16.tar.bz2 >> [12] >> https://downloads.powerdns.com/releases/pdns-recursor-4.1.16.tar.bz2.sig >> [13] https://downloads.powerdns.com/releases >> [14] https://repo.powerdns.com/ >> [15] https://docs.powerdns.com/recursor/appendices/EOL.html >> [16] https://mailman.powerdns.com/mailman/listinfo/pdns-users >> [17] https://github.com/PowerDNS/pdns/issues/new/choose >> >> -- >> kind regards, >> Otto Moerbeek >> Senior PowerDNS Developer >> >> Email: otto.moerb...@open-xchange.com >> >> _______________________________________________ >> Pdns-announce mailing list >> pdns-annou...@mailman.powerdns.com >> https://mailman.powerdns.com/mailman/listinfo/pdns-announce -- kind regards, Otto Moerbeek Senior PowerDNS Developer Email: otto.moerb...@open-xchange.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users