Changelogs for 4.0.x
====================
+PowerDNS Authoritative Server 4.0.8
+-----------------------------------
+
+Released 21st of June 2019
+
+This release fixes PowerDNS Security Advisories
+:doc:`2019-04 <../security-advisories/powerdns-advisory-2019-04>` and
+:doc:`2019-05 <../security-advisories/powerdns-advisory-2019-05>`.
+
PowerDNS Authoritative Server 4.0.7
-----------------------------------
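Review bot: the new 4.0.8 entry names advisories 2019-04 and 2019-05 but gives neither their CVE identifiers nor any individual change or pull request, so a reader of the 4.0.x changelog cannot tell which fixes were backported. Consider listing CVE-2019-10162 and CVE-2019-10163 next to the advisory links, as the 4.1.10 entry does, and naming the backported changes. The date is also written "21st of June 2019" here but "June 21st 2019" in the 4.1.x entry and in both advisories; pick one form.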
Changelogs for 4.1.x
====================
+.. changelog::
+ :version: 4.1.10
+ :released: June 21st 2019
+
+ This release and 4.1.9 together fix the following security advisories:
+
+ - PowerDNS Security Advisory :doc:`2019-04 <../security-advisories/powerdns-advisory-2019-04>` (CVE-2019-10162)
+ - PowerDNS Security Advisory :doc:`2019-05 <../security-advisories/powerdns-advisory-2019-05>` (CVE-2019-10163)
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 7964
+
+ Do not exit on exception parsing names of name servers to notify.
+
+
.. changelog::
:version: 4.1.9
:released: June 19th 2019
.. change::
- :tags: Performance
+ :tags: Bug Fixes
+ :pullreq: 7663
+
+ Do not exit on exception resolving addresses to notify.
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 7829
+
+ Avoid very busy looping on lots of notifies.
+
+ .. change::
+ :tags: New Features
:pullreq: 7922
Add an option to disable superslaving.
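Review bot: none of the added change items (7964 under 4.1.10, 7663 and 7829 under 4.1.9) says which advisory it addresses, so the sentence "This release and 4.1.9 together fix the following security advisories" leaves the reader unable to tell which release closes which CVE. Please name the advisory in each item's text. In the 4.1.9 block the edit also replaces `:tags: Performance` so that the existing 7922 item ("Add an option to disable superslaving") ends up tagged `New Features`; if that re-tagging is intended, mention it in the commit message, since it changes an entry for a release dated June 19th.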
-@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2019061801 10800 3600 604800 10800
+@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2019062101 10800 3600 604800 10800
@ 3600 IN NS pdns-public-ns1.powerdns.com.
@ 3600 IN NS pdns-public-ns2.powerdns.com.
; Auth
auth-4.0.4.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html"
auth-4.0.5.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html"
auth-4.0.6.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
-auth-4.0.7.security-status 60 IN TXT "1 OK"
+auth-4.0.7.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html"
+auth-4.0.8.security-status 60 IN TXT "1 OK"
auth-4.1.0-rc1.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
auth-4.1.0-rc2.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
auth-4.1.0-rc3.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
auth-4.1.4.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html"
auth-4.1.5.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
auth-4.1.6.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
-auth-4.1.7.security-status 60 IN TXT "1 OK"
-auth-4.1.8.security-status 60 IN TXT "1 OK"
-auth-4.1.9.security-status 60 IN TXT "1 OK"
+auth-4.1.7.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html"
+auth-4.1.8.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html"
+auth-4.1.9.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html"
+auth-4.1.10.security-status 60 IN TXT "1 OK"
auth-4.2.0-alpha1.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
auth-4.2.0-beta1.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
auth-4.2.0-rc1.security-status 60 IN TXT "1 OK"
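Review bot: the new `auth-4.0.7.security-status` record links powerdns-advisory-2018-03 and powerdns-advisory-2018-05, the same pair of URLs as the unchanged `auth-4.1.4` line, while the 4.0.8 changelog entry in this patch says 4.0.8 fixes advisories 2019-04 and 2019-05. This looks like a copy of the wrong line; the 4.0.7 record should point at the 2019-04 and 2019-05 advisory pages like the 4.1.7 to 4.1.9 records do. Separately, `auth-4.1.9` links the 2019-05 advisory although that advisory lists 4.1.9 under "Not affected"; linking only 2019-04 for 4.1.9 would match the advisory text.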
--- /dev/null
+PowerDNS Security Advisory 2019-04: Denial of service via crafted zone records
+==============================================================================
+
+- CVE: CVE-2019-10162
+- Date: June 21st 2019
+- Affects: PowerDNS Authoritative up to and including 4.1.9
+- Not affected: 4.1.10, 4.0.8
+- Severity: Medium
+- Impact: Denial of Service
+- Exploit: This problem can be triggered via crafted records
+- Risk of system compromise: No
+- Solution: Upgrade to a non-affected version
+- Workaround: run the process inside the guardian or inside a supervisor
+
+An issue has been found in PowerDNS Authoritative Server allowing an
+authorized user to cause the server to exit by inserting a crafted
+record in a MASTER type zone under their control. The issue is due
+to the fact that the Authoritative Server will exit when it runs into a
+parsing error while looking up the NS/A/AAAA records it is about to
+use for an outgoing notify.
+
+This issue has been assigned CVE-2019-10162.
+
+PowerDNS Authoritative up to and including 4.1.9 is affected.
+Please note that at the time of writing, PowerDNS Authoritative 3.4 and
+below are no longer supported, as described in
+https://doc.powerdns.com/authoritative/appendices/EOL.html.
+
+We would like to thank Gert van Dijk for finding and subsequently
+reporting this issue!
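Review bot: the "Affects" line ("up to and including 4.1.9") and the "Not affected" line ("4.1.10, 4.0.8") say nothing about the 4.2.0 pre-releases, while the secpoll zone in this same patch leaves `auth-4.2.0-rc1` at "1 OK" and the alpha and beta records pointing only at advisory 2019-03. Please state explicitly whether the 4.2.0 alpha, beta and rc builds are affected, and update their secpoll records if they are.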
--- /dev/null
+PowerDNS Security Advisory 2019-05: Denial of service via NOTIFY packets
+========================================================================
+
+- CVE: CVE-2019-10163
+- Date: June 21st 2019
+- Affects: PowerDNS Authoritative up to and including 4.1.8
+- Not affected: 4.1.9, 4.0.8
+- Severity: Medium
+- Impact: Denial of Service
+- Exploit: This problem can be triggered via the sending of NOTIFY
+ packets from an authorized master
+- Risk of system compromise: No
+- Solution: Upgrade to a non-affected version
+
+An issue has been found in PowerDNS Authoritative Server allowing a
+remote, authorized master server to cause a high CPU load or
+even prevent any further updates to any slave zone by sending a
+large number of NOTIFY messages.
+Note that only servers configured as slaves are affected by this issue.
+
+This issue has been assigned CVE-2019-10163.
+
+PowerDNS Authoritative up to and including 4.1.8 is affected.
+Please note that at the time of writing, PowerDNS Authoritative 3.4 and
+below are no longer supported, as described in
+https://doc.powerdns.com/authoritative/appendices/EOL.html.
+
+We would like to thank George Asenov for finding and subsequently
+reporting this issue!
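Review bot: this advisory has no "Workaround" line in its header list, unlike advisory 2019-04 added in the same patch. Add the line even if the answer is that none is available, so operators of slave servers on 4.1.8 or older who cannot upgrade immediately do not have to guess. The header list is otherwise consistent with the body ("up to and including 4.1.8").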