Hi all, (Via: https://blog.powerdns.com/2019/03/19/powerdns-authoritative-server-4-2-0-release-candidate-1-released/ )
This release fixes an issue with security implications that has been recently
reported in the HTTP remote backend of the PowerDNS Authoritative Server.
Setups that are not using this backend are not impacted by this issue. More
information can be found in the corresponding security advisory:
- PowerDNS Security Advisory 2019-03 [1] (CVE-2019-3871): Insufficient
validation in the HTTP remote backend
There are some additional smaller improvements and bug fixes in this release.
Please see the changelog [2]:
- #7576: Insufficient validation in the HTTP remote backend
- #7546: Fix API search failed with “Commands out of sync; you can’t run
this command now”
- #7219: Fix static lookup when using weighted records on multiple record
types.
- #7516: Report “checkKey“ errors upwards.
This release was made possible by contributions from: Aki Tuomi, Sebastian,
Robin Geuze and Baptiste Courtois.
The tarball[3] (sig[4]) is available at downloads.powerdns.com and packages for
CentOS 6 and 7, Debian Jessie and Stretch, Ubuntu Bionic, Trusty, Xenial and
Cosmic are available from repo.powerdns.com.
Please send us all feedback and issues you might have via the mailing list[5],
or in case of a bug, via GitHub[6].
[1]
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
[2] https://doc.powerdns.com/authoritative/changelog/4.2.html
[3] https://downloads.powerdns.com/releases/pdns-4.2.0-rc1.tar.bz2
[4] https://downloads.powerdns.com/releases/pdns-4.2.0-rc1.tar.bz2.sig
[5] https://mailman.powerdns.com/mailman/listinfo/pdns-users
[6] https://github.com/PowerDNS/pdns/issues/new
--
Erik Winkels
PowerDNS.COM BV -- https://www.powerdns.com
signature.asc
Description: PGP signature
_______________________________________________ Pdns-dev mailing list Pdns-dev@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-dev
