oss-sec mailing list archives

[Fwd: [Pdns-announce] security advisories for Authoritative 4.3.1, 4.2.3, 4.1.14]


From: Peter van Dijk <peter.van.dijk () powerdns com>
Date: Tue, 22 Sep 2020 22:34:23 +0200

-------- Forwarded Message --------
From: Peter van Dijk via Pdns-announce <pdns-announce () mailman powerdns com>
Reply-To: Peter van Dijk <peter.van.dijk () powerdns com>
To: pdns-announce () mailman powerdns com, pdns-dev () mailman powerdns com, pdns-users () mailman powerdns com
Subject: [Pdns-announce] security advisories for Authoritative 4.3.1, 4.2.3, 4.1.14
Date: Tue, 22 Sep 2020 21:48:04 +0200

Hello,

Today we have released PowerDNS Authoritative Server versions 4.3.1, 4.2.3 and 4.1.14, containing a fix for PowerDNS 
Security Advisory 2020-05 [1].

Additionally, we are publishing PowerDNS Security Advisory 2020-06 [2] today (‘Various issues have been found in our 
GSS-TSIG support, where an unauthorized attacker could cause crashes, possibly leak uninitialised memory, and possibly 
execute arbitrary code.’). Our GSS-TSIG support was never shipped in any packages by us or, to our knowledge, any other 
distributions. The GSS-TSIG code will be gone in version 4.4.0. We’ve chosen to leave the code intact for older 
versions, so that users that do rely on it today can keep doing so, keeping in mind the risks detailed in Advisory 
2020-06.

Regarding 2020-05: An issue has been found in PowerDNS Authoritative Server where an authorized user with the ability 
to insert crafted records into a zone might be able to leak the content of uninitialized memory. Such a user could be a 
customer inserting data via a control panel, or somebody with access to the REST API. Crafted records cannot be 
inserted via AXFR. This issue is resolved in the versions mentioned above. (4.1.14 changelog [3], 4.2.3 changelog [4])

Version 4.3.2 also contains various other bug fixes and improvements; please see the changelog [5] for all details.

Tarballs and signatures are available at https://downloads.powerdns.com/releases/

Packages for various Linux distributions are available from our repository at https://repo.powerdns.com/

4.0 and older releases are EOL, refer to the documentation for details about our release cycles.

Please send us all feedback and issues you might have via the mailing list or our IRC channel, or in case of a bug, via 
GitHub.

1: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
2: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html
3: https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.14
4: https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.2.3
5: https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.3.1

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
_______________________________________________
Pdns-announce mailing list
Pdns-announce () mailman powerdns com
https://mailman.powerdns.com/mailman/listinfo/pdns-announce
