[Bug 216136] dns/powerdns: Upgrade to recent version (v4.0.2) - current(4.0.1) has critical vulnerabilities

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jan 16 10:22:27 UTC 2017 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216136

            Bug ID: 216136
           Summary: dns/powerdns: Upgrade to recent version (v4.0.2) -
                    current(4.0.1) has critical vulnerabilities
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: i.dani at outlook.com
                CC: tremere at cainites.net
                CC: tremere at cainites.net
             Flags: maintainer-feedback?(tremere at cainites.net)

The current version avilable for FreeBSD is vulnerable since 13.01.2017 and has
already been patched upstream.

See here:
https://blog.powerdns.com/2017/01/13/powerdns-authoritative-server-4-0-2-released/

Available version: 4.0.1_3
Patched version: 4.0.2

Important Changes

Security:
- Don’t parse spurious RRs in queries when we don’t need them (Security
Advisory 2016-02)
- Don’t exit if the webserver can’t accept a connection (Security Advisory
2016-03)
- Check TSIG signature on IXFR (Security Advisory 2016-04)
- Correctly check unknown record content size (Security Advisory 2016-05)

Fixes:
- ODBC backend: actually prepare statements
- Improve root-zone performance
- Plug memory leak in postgresql backend (Christian Hofstaedtler)
calidns: Don’t crash if we don’t have enough ‘unknown’ queries remaining
- Improve PacketCache cleaning (Kees Monshouwer)
- Bind backend: update status message on reload, keep the existing zone on
failure
- Fix TSIG for single thread distributor (Kees Monshouwer)
- Change default for any-to-tcp to yes (Kees Monshouwer)
- Don’t look up the packet cache for TSIG-enabled queries
- Fix build with OpenSSL 1.1.0 final (Christian Hofstaedtler)
- pdnsutil: create-slave-zone accept multiple masters (Hannu Ylitalo)

-> Full Changelog:
https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-402

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list