Security Advisory 2015-01

Apr 23, 2015

UPDATE: please also read the update posted on May 1st.

Hi everybody,

Please be aware of PowerDNS Security Advisory 2015-01

The good news is that as far as we have seen, only
specific builds for RHEL5 are affected, but just to be sure we are doing
full releases of all recent versions of our products.

Packages and distribution tar balls of Recursor 3.6.3, Recursor 3.7.2 and Auth
3.4.4 are available in the usual places, and release announcements have just gone out.

If you prefer a minimal patch, please go to and see README.txt there.

If you have problems upgrading, please either contact us on our mailing lists,
or privately via (should you wish to make use of
our SLA-backed support program).

We want to thank Aki Tuomi for finding this issue, and really digging into it.
We also want to thank Kees Monshouwer for assisting in debugging and fixing
the offending code. Finally we want to thank Kai Storbeck for putting an
earlier, broken version of the patch into production and being understanding
about the names that broke because of it.

About the author

Peter van Dijk

Peter van Dijk

Senior Developer at PowerDNS


Related Articles

The PowerDNS Spring Cleaning

Hi everybody, In this post we’d like to update you on what has been achieved in the development of the PowerDNS 4.x...

Bert Hubert 11/7/15

PowerDNS Security Advisory 2014-02

PowerDNS Security Advisory 2014-02: PowerDNS Recursor 3.6.1 and earlier can be made to provide bad service Hi everybody,...

Bert Hubert 12/2/14

Recursor 3.6.3

Hi everybody, We’re pleased to announce version 3.6.3 of our Recursor. The most important part of this update is a fix for...

Peter van Dijk 04/5/15

PowerDNS Recursor 4.0.8 Released

Today we announce the release of the PowerDNS Recursor 4.0.8 which contains a fix for the following security advisory:...

Erik Winkels 12/2/17