Security Advisory 2015-01

Apr 23, 2015

UPDATE: please also read the update posted on May 1st.

Hi everybody,

Please be aware of PowerDNS Security Advisory 2015-01

The good news is that as far as we have seen, only
specific builds for RHEL5 are affected, but just to be sure we are doing
full releases of all recent versions of our products.

Packages and distribution tar balls of Recursor 3.6.3, Recursor 3.7.2 and Auth
3.4.4 are available in the usual places, and release announcements have just gone out.

If you prefer a minimal patch, please go to and see README.txt there.

If you have problems upgrading, please either contact us on our mailing lists,
or privately via (should you wish to make use of
our SLA-backed support program).

We want to thank Aki Tuomi for finding this issue, and really digging into it.
We also want to thank Kees Monshouwer for assisting in debugging and fixing
the offending code. Finally we want to thank Kai Storbeck for putting an
earlier, broken version of the patch into production and being understanding
about the names that broke because of it.

About the author

Peter van Dijk

Peter van Dijk

Senior Developer at PowerDNS


Related Articles

PowerDNS supports the launch of 1&1’s 5G network

At the end of last year, 1&1 announced the availability of its 5G network for mobile internet subscribers in Germany – this...

Neil Cook Jan 26, 2024

OpenWrt Repositories for DNSdist Now Available from PowerDNS

OpenWrt, the popular open-source GNU/Linux distribution for embedded devices (typically wireless routers), enables users to...

Andrea Carpani Jul 13, 2023

Introducing the new PowerDNS website

Dear visitors, The website, maintained and occasionally updated by the PowerDNS Engineering team,...

Robert Brandt Jun 16, 2023

PPF Telecom Group chooses Allot’s PowerDNS-based DNS Secure

PPF Telecom Group has chosen Allot DNS Secure, based on PowerDNS, to provide cybersecurity services to the customers of...

The Editorial Team Jun 2, 2023