Software update: PowerDNS Recursor 4.3.1 / 4.2.2 / 4.1.16


PowerDNS is a DNS server with a database as its back end, which makes it easy to manage a large number of DNS entries. The developers previously decided to release the two parts that make up PowerDNS, a recursor and an authoritative name server, separately so that, according to the developers, new versions can be released faster and in a more targeted way.

When you perform a DNS lookup, a recursor starts by sending the query to a DNS root server. That server can refer it to other servers, which can in turn refer it to others, and so on, until a server is reached that knows the answer or knows that the lookup is not possible. The latter can be the case if the name does not exist or the servers do not respond. The process of going through different authoritative servers is called recursion. The developers have released PowerDNS Recursor 4.3.1, 4.2.2, and 4.1.16. The changes in these releases are as follows:

PowerDNS Recursor 4.3.1, 4.2.2 and 4.1.16 Released

Hello!

Today we are releasing PowerDNS Recursor 4.3.1, 4.2.2 and 4.1.16, containing security fixes for three CVEs:

  • CVE-2020-10995
  • CVE-2020-12244
  • CVE-2020-10030

The issues are:

  • CVE-2020-10995: An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritative name servers. Severity is medium. We would like to thank Lior Shafir, Yehuda Afek and Anat Bremler-Barr for finding and subsequently reporting this issue!
  • CVE-2020-12244: Records in the answer section of an NXDOMAIN response lacking an SOA were not properly validated. Severity is medium. We would like to thank Matt Nordhoff for finding and subsequently reporting this issue!
  • CVE-2020-10030: An attacker with enough privileges to change the hostname might be able to disclose uninitialized memory. This issue also affects the Authoritative Server and dnsdist; since the attack requires very high privileges and the issue does not affect Linux, we will not be releasing new versions for those just for this issue. Severity is low.

As usual, there were also other smaller enhancements and bug fixes. Please refer to the 4.3.1 changelog, 4.2.2 changelog and 4.1.16 changelog for details.

The 4.3.1 tarball (signature), 4.2.2 tarball (signature) and 4.1.16 tarball (signature) are available at downloads.powerdns.com and packages for CentOS 6, 7 and 8, Debian Stretch and Buster, Ubuntu Xenial and Bionic are available from repo.powerdns.com.

Note that the 4.1 packages will be published later today.

4.0 and older releases are EOL; refer to the documentation for details about our release cycles.

Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.
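
The lookup walk described in the introduction (root server, referrals, then an answer or a failure) can be traced with a small simulation. This is an added example, not code from PowerDNS or the announcement; the server names, the delegation table, the status names and the `MAX_REFERRALS` budget are constructed assumptions, and no network traffic is sent.

```python
# Constructed delegation data (not real DNS): a server either refers a zone
# to other servers, holds final records, or is None (does not respond).
SERVERS = {
    "root": {"refer": {"com.": ["com-ns1", "com-ns2"]}},
    "com-ns1": None,
    "com-ns2": {"refer": {"example.com.": ["ex-ns1"], "dead.com.": ["dead-ns1"]}},
    "ex-ns1": {"records": {"www.example.com.": "192.0.2.10"}},
    "dead-ns1": None,
}
MAX_REFERRALS = 10  # assumption: fixed budget so a referral chain cannot run forever


def ask(server, qname):
    """Return ('answer', ip), ('nxdomain', None), ('referral', servers) or ('timeout', None)."""
    data = SERVERS.get(server)
    if data is None:
        return ("timeout", None)
    if "records" in data:  # authoritative server: it knows the answer or knows there is none
        ip = data["records"].get(qname)
        return ("answer", ip) if ip else ("nxdomain", None)
    # Match on label boundaries and pick the most specific delegation.
    zones = [z for z in data["refer"] if qname == z or qname.endswith("." + z)]
    if not zones:
        return ("nxdomain", None)
    return ("referral", data["refer"][max(zones, key=len)])


def resolve(qname, start="root"):
    """Follow referrals from the root; return (status, value, servers asked in order)."""
    candidates, path = [start], []
    for _ in range(MAX_REFERRALS):
        for server in candidates:
            kind, value = ask(server, qname)
            path.append(server)
            if kind != "timeout":
                break
        else:
            return ("servfail", None, path)  # none of the servers responded
        if kind != "referral":
            return (kind, value, path)
        candidates = value
    return ("servfail", None, path)  # referral budget exhausted


if __name__ == "__main__":
    for name in ("www.example.com.", "nope.example.com.", "www.dead.com."):
        print(name, resolve(name))
```
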

Version number: 4.3.1 / 4.2.2 / 4.1.16
Release status: Final
Operating systems: Linux, BSD, macOS, Solaris, UNIX
Website: PowerDNS
Download: https://downloads.powerdns.com/
License type: Conditions (GNU/BSD/etc.)