The new packages aren't available for Raspbian yet; would someone check the build systems for Raspbian? Thanks.
On Tue, May 19, 2020 at 4:58 AM Otto Moerbeek via Pdns-announce <pdns-annou...@mailman.powerdns.com> wrote: > > Hello!, > > Today we are releasing PowerDNS Recursor 4.3.1, 4.2.2. and 4.1.16, > containing security fixes for three CVEs: > > - CVE-2020-10995[1] > - CVE-2020-12244[2] > - CVE-2020-10030[3] > > The issues are: > > CVE-2020-10995: An issue in the DNS protocol has been found that allows > malicious parties to use recursive DNS services to attack third party > authoritative name servers. Severity is medium. We would like to thank > Lior Shafir, Yehuda Afek and Anat Bremler-Barr for finding and > subsequently reporting this issue! > > CVE-2020-12244: Records in the answer section of a NXDOMAIN response > lacking an SOA were not properly validated. Severity is medium. We would > like to thank Matt Nordhoff for finding and subsequently reporting this > issue! > > CVE-2020-10030: An attacker with enough privileges to change the > hostname might be able to disclose uninitialized memory. This issue also > affects the Authoritative Server and dnsdist; since the attack requires > very high privileges and the issue does not affect Linux, we will not be > releasing new versions for those just for this issue. Severity is low. > > As usual, there were also other smaller enhancements and bugfixes. > Please refer to the 4.3.1 changelog[4], 4.2.2 changelog[5] and 4.1.16 > changelog[6] for details. > > The 4.3.1 tarball[7] (signature[8]), 4.2.2 tarball[9] (signature[10]) > and 4.1.16 tarball[11] (signature[12]) are available at our download > site[13] and packages for CentOS 6, 7 and 8, Debian Stretch and Buster, > Ubuntu Xenial and Bionic are available from our repository[14] > > Note that the 4.1 packages will be published later today. > > 4.0 and older releases are EOL, refer to the documentation[15] for > details about our release cycles. > > Please send us all feedback and issues you might have via the mailing > list[16], or in case of a bug, via GitHub[17]. > > > [1] > https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html > [2] > https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html > [3] > https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html > [4] https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.1 > [5] https://doc.powerdns.com/recursor/changelog/4.2.html#change-4.2.2 > [6] https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.16 > [7] https://downloads.powerdns.com/releases/pdns-recursor-4.3.1.tar.bz2 > [8] https://downloads.powerdns.com/releases/pdns-recursor-4.3.1.tar.bz2.sig > [9] https://downloads.powerdns.com/releases/pdns-recursor-4.2.2.tar.bz2 > [10] https://downloads.powerdns.com/releases/pdns-recursor-4.2.2.tar.bz2.sig > [11] https://downloads.powerdns.com/releases/pdns-recursor-4.1.16.tar.bz2 > [12] > https://downloads.powerdns.com/releases/pdns-recursor-4.1.16.tar.bz2.sig > [13] https://downloads.powerdns.com/releases > [14] https://repo.powerdns.com/ > [15] https://docs.powerdns.com/recursor/appendices/EOL.html > [16] https://mailman.powerdns.com/mailman/listinfo/pdns-users > [17] https://github.com/PowerDNS/pdns/issues/new/choose > > -- > kind regards, > Otto Moerbeek > Senior PowerDNS Developer > > Email: otto.moerb...@open-xchange.com > > _______________________________________________ > Pdns-announce mailing list > pdns-annou...@mailman.powerdns.com > https://mailman.powerdns.com/mailman/listinfo/pdns-announce _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
