PowerDNS Recursor 4.3.5, 4.2.5. and 4.1.18 released fixing a cache pollution issue (CVE-2020-25829)

Related Vulnerabilities: CVE-2020-25829  
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
PowerDNS Recursor 4.3.5, 4.2.5. and 4.1.18 released fixing a cache pollution issue (CVE-2020-25829)

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Otto Moerbeek &lt;otto.moerbeek () open-xchange com&gt;

Date: Tue, 13 Oct 2020 13:13:59 +0200

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Hello!,

Today we are releasing PowerDNS Recursor 4.3.5, 4.2.5. and 4.1.18,
containing a security fix for CVE-2020-25829[1]:

An issue has been found in PowerDNS Recursor where a remote attacker
can cause the cached records for a given name to be updated to the
Bogus DNSSEC validation state, instead of their actual DNSSEC Secure
state, via a DNS ANY query. This results in a denial of service for
installations that always validate (dnssec=validate) and for clients
requesting validation when on-demand validation is enabled
(dnssec=process). The severity is high for these cases.

As usual, there were also other smaller enhancements and
bugfixes. Please refer to the 4.3.5 changelog[2], 4.2.5 changelog[3]
and 4.1.18 changelog[4] for details.

The 4.3.5 tarball[5] (signature[6]), 4.2.5 tarball[7] (signature[8])
and 4.1.18 tarball[9] (signature[10]) are available at our download
site[11] and packages for CentOS 6, 7 and 8, Debian Stretch and
Buster, Ubuntu Xenial and Bionic are available from our
repository[12].

4.0 and older releases are EOL, refer to the documentation[13] for details
about our release cycles.

Please send us all feedback and issues you might have via the mailing
list[14], or in case of a bug, via GitHub[15].

Regards,

 -Otto and the PowerDNS Team
 
[1] https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
[2] https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.5
[3] https://doc.powerdns.com/recursor/changelog/4.2.html#change-4.2.5
[4] https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.18
[5] https://downloads.powerdns.com/releases/pdns-recursor-4.3.5.tar.bz2
[6] https://downloads.powerdns.com/releases/pdns-recursor-4.3.5.tar.bz2.sig
[7] https://downloads.powerdns.com/releases/pdns-recursor-4.2.5.tar.bz2
[8] https://downloads.powerdns.com/releases/pdns-recursor-4.2.5.tar.bz2.sig
[9] https://downloads.powerdns.com/releases/pdns-recursor-4.1.18.tar.bz2
[10] https://downloads.powerdns.com/releases/pdns-recursor-4.1.18.tar.bz2.sig
[11] https://downloads.powerdns.com/releases/
[12] https://repo.powerdns.com/
[13] https://docs.powerdns.com/recursor/appendices/EOL.html
[14] https://mailman.powerdns.com/mailman/listinfo/pdns-users
[15] https://github.com/PowerDNS/pdns/issues/new/choose

-- 
kind regards,
Otto Moerbeek
Senior PowerDNS Developer

Email: otto.moerbeek () open-xchange com

Attachment:
signature.asc
Description: OpenPGP digital signature

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

PowerDNS Recursor 4.3.5, 4.2.5. and 4.1.18 released fixing a cache pollution issue (CVE-2020-25829) Otto Moerbeek (Oct 13)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->