Re: [Pdns-users] security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0

2021-09-18 Thread Steven Garner via Pdns-users 
Ok, thanks.

Steven J Garner
+1 302 364 0325
stevenjgar...@gmail.com


On Sat, Sep 18, 2021 at 7:07 PM Kevin P. Fleming  wrote:

> On Sat, Sep 18, 2021 at 5:17 PM Steven Garner via Pdns-users
>  wrote:
> >
> > For Debian systems will apt be updated so that an upgrade from 4.4.1 to
> 4.5.1 can be picked up by apt upgrade?  Or is there a different upgrade
> path?  I don't see any reference in
> https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-5-0-or-master.
> Thanks in advance.
>
> If you are using packages from the *Debian* repositories, it's up to
> the Debian package maintainers to provide anything necessary. Since
> this issue does not affect 4.4.x, and Debian currently packages only
> 4.4.x, I doubt anything will be done. At the point where the Debian
> package maintainers put 4.5.x into the unstable/testing branches, it
> will be 4.5.1 or later.
>
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0

2021-09-18 Thread Kevin P. Fleming via Pdns-users 
On Sat, Sep 18, 2021 at 5:17 PM Steven Garner via Pdns-users
 wrote:
>
> For Debian systems will apt be updated so that an upgrade from 4.4.1 to 4.5.1 
> can be picked up by apt upgrade?  Or is there a different upgrade path?  I 
> don't see any reference in 
> https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-5-0-or-master.  
> Thanks in advance.

If you are using packages from the *Debian* repositories, it's up to
the Debian package maintainers to provide anything necessary. Since
this issue does not affect 4.4.x, and Debian currently packages only
4.4.x, I doubt anything will be done. At the point where the Debian
package maintainers put 4.5.x into the unstable/testing branches, it
will be 4.5.1 or later.
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0

2021-09-18 Thread Steven Garner via Pdns-users 
For Debian systems will apt be updated so that an upgrade from 4.4.1 to
4.5.1 can be picked up by apt upgrade?  Or is there a different upgrade
path?  I don't see any reference in
https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-5-0-or-master.
Thanks in advance.

Steve Garner
+1 302 364 0325
stevenjgar...@gmail.com


On Mon, Jul 26, 2021 at 7:42 AM Peter van Dijk via Pdns-users <
pdns-users@mailman.powerdns.com> wrote:

> Hello,
>
> today we have released PowerDNS Authoritative Server 4.5.1, fixing a
> remotely triggered crash present in version 4.5.0. No other versions
> are affected.
>
> Tarballs and signatures are available at
> https://downloads.powerdns.com/releases/, and a single patch is
> available at https://downloads.powerdns.com/patches/2021-01/. However,
> 4.5.1 contains no other changes.
>
> Please find the full text of the advisory below.
>
> PowerDNS Security Advisory 2021-01: Specific query crashes
> Authoritative Server
>
> -  CVE: CVE-2021-36754
> -  Date: July 26th, 2021
> -  Affects: PowerDNS Authoritative version 4.5.0
> -  Not affected: 4.4.x and below, 4.5.1
> -  Severity: High
> -  Impact: Denial of service
> -  Exploit: This problem can be triggered via a specific query packet
> -  Risk of system compromise: None
> -  Solution: Upgrade to 4.5.1, or filter queries in ``dnsdist``
>
> PowerDNS Authoritative Server 4.5.0 (and the alpha/beta/rc1/rc2
> prereleases that came before it) will crash with an uncaught out of
> bounds exception if it receives a query with QTYPE 65535. The offending
> code was not present in earlier versions, and they are not affected.
>
> Users that cannot upgrade immediately, but do have dnsdist in place,
> can use dnsdist to filter such queries before they do harm, with
> something like ``addAction(QTypeRule(65535),
> RCodeAction(DNSRCode.REFUSED))``.
>
> When the PowerDNS Authoritative Server is run inside a supervisor like
> supervisord or systemd, an uncaught exception crash will lead to an
> automatic restart, limiting the impact to a somewhat degraded service.
>
> We would like to thank Reinier Schoof and Robin Geuze of TransIP for
> noticing crashes in production, immediately letting us know, and
> helping us figure out what was happening.
> ___
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users