Hello!, Today we are releasing PowerDNS Recursor 4.3.5, 4.2.5. and 4.1.18, containing a security fix for CVE-2020-25829[1]:
An issue has been found in PowerDNS Recursor where a remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installations that always validate (dnssec=validate) and for clients requesting validation when on-demand validation is enabled (dnssec=process). The severity is high for these cases. As usual, there were also other smaller enhancements and bugfixes. Please refer to the 4.3.5 changelog[2], 4.2.5 changelog[3] and 4.1.18 changelog[4] for details. The 4.3.5 tarball[5] (signature[6]), 4.2.5 tarball[7] (signature[8]) and 4.1.18 tarball[9] (signature[10]) are available at our download site[11] and packages for CentOS 6, 7 and 8, Debian Stretch and Buster, Ubuntu Xenial and Bionic are available from our repository[12]. 4.0 and older releases are EOL, refer to the documentation[13] for details about our release cycles. Please send us all feedback and issues you might have via the mailing list[14], or in case of a bug, via GitHub[15]. Regards, -Otto and the PowerDNS Team [1] https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html [2] https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.5 [3] https://doc.powerdns.com/recursor/changelog/4.2.html#change-4.2.5 [4] https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.18 [5] https://downloads.powerdns.com/releases/pdns-recursor-4.3.5.tar.bz2 [6] https://downloads.powerdns.com/releases/pdns-recursor-4.3.5.tar.bz2.sig [7] https://downloads.powerdns.com/releases/pdns-recursor-4.2.5.tar.bz2 [8] https://downloads.powerdns.com/releases/pdns-recursor-4.2.5.tar.bz2.sig [9] https://downloads.powerdns.com/releases/pdns-recursor-4.1.18.tar.bz2 [10] https://downloads.powerdns.com/releases/pdns-recursor-4.1.18.tar.bz2.sig [11] https://downloads.powerdns.com/releases/ [12] https://repo.powerdns.com/ [13] https://docs.powerdns.com/recursor/appendices/EOL.html [14] https://mailman.powerdns.com/mailman/listinfo/pdns-users [15] https://github.com/PowerDNS/pdns/issues/new/choose -- kind regards, Otto Moerbeek Senior PowerDNS Developer Email: otto.moerb...@open-xchange.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users