Today we announce the release of the PowerDNS Recursor 4.0.8 which contains a fix for the following security advisory:
- PowerDNS Security Advisory 2017-08: Crafted CNAME answer can cause a denial of service (CVE-2017-15120)
The full changelog looks like this:
Bug fixes
- #5930: Don’t assume TXT record is first record for secpoll
- #6082: Don’t add non-IN records to the cache
The tarball is available on downloads.powerdns.com (signature) and packages for CentOS 6 and 7, Debian Jessie and Stretch, Ubuntu Artful, Trusty, Xenial and Zesty are available from repo.powerdns.com.
Please send us all feedback and issues you might have via the mailinglist, or in case of a bug, via GitHub.