Security Advisory 2015-01 | PowerDNS Blog

Written by Peter van Dijk | Apr 23, 2015 4:00:00 AM

UPDATE: please also read the update posted on May 1st.

Hi everybody,

Please be aware of PowerDNS Security Advisory 2015-01
(http://doc.powerdns.com/md/security/powerdns-advisory-2015-01/).

The good news is that as far as we have seen, only
specific builds for RHEL5 are affected, but just to be sure we are doing
full releases of all recent versions of our products.

Packages and distribution tarballs of Recursor 3.6.3, Recursor 3.7.2 and Auth
3.4.4 are available in the usual places, and release announcements have just gone out.

If you prefer a minimal patch, please go to
https://downloads.powerdns.com/patches/2015-01/ and see README.txt there.

If you have problems upgrading, please either contact us on our mailing lists,
or privately via powerdns.support@powerdns.com (should you wish to make use of
our SLA-backed support program).

We want to thank Aki Tuomi for finding this issue, and really digging into it.
We also want to thank Kees Monshouwer for assisting in debugging and fixing
the offending code. Finally we want to thank Kai Storbeck for putting an
earlier, broken version of the patch into production and being understanding
about the names that broke because of it.