Today we announce the release of the PowerDNS Recursor 4.0.8 which contains a fix for the following security advisory:
- PowerDNS Security Advisory 2017-08: Crafted CNAME answer can cause a denial of service (CVE-2017-15120)
The full changelog looks like this:
- #5930: Don’t assume TXT record is first record for secpoll
- #6082: Don’t add non-IN records to the cache
The tarball is available on downloads.powerdns.com (signature) and packages for CentOS 6 and 7, Debian Jessie and Stretch, Ubuntu Artful, Trusty, Xenial and Zesty are available from repo.powerdns.com.