From: Otto Moerbeek Date: Wed, 18 Jan 2023 08:55:43 +0000 (+0100) Subject: Prep for rec-4.8.1 X-Git-Tag: dnsdist-1.8.0-rc1~104^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0111664f7b58f2f695948ba2f99c2bd26b16dafc;p=thirdparty%2Fpdns.git Prep for rec-4.8.1 --- diff --git a/docs/secpoll.zone b/docs/secpoll.zone index c58cccae50..f677a617a3 100644 --- a/docs/secpoll.zone +++ b/docs/secpoll.zone @@ -1,4 +1,4 @@ -@ 86400 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2022121200 10800 3600 604800 10800 +@ 86400 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2023012001 10800 3600 604800 10800 @ 3600 IN NS pdns-public-ns1.powerdns.com. @ 3600 IN NS pdns-public-ns2.powerdns.com. 
@@ -334,11 +334,12 @@ recursor-4.7.1.security-status 60 IN TXT "3 Upgrade now recursor-4.7.2.security-status 60 IN TXT "1 OK" recursor-4.7.3.security-status 60 IN TXT "1 OK" recursor-4.7.4.security-status 60 IN TXT "1 OK" -recursor-4.8.0-alpha1.security-status 60 IN TXT "2 Unsupported pre-release" -recursor-4.8.0-beta1.security-status 60 IN TXT "2 Unsupported pre-release" -recursor-4.8.0-beta2.security-status 60 IN TXT "2 Unsupported pre-release" -recursor-4.8.0-rc1.security-status 60 IN TXT "2 Unsupported pre-release" -recursor-4.8.0.security-status 60 IN TXT "1 OK" +recursor-4.8.0-alpha1.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)" +recursor-4.8.0-beta1.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)" +recursor-4.8.0-beta2.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)" +recursor-4.8.0-rc1.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)" +recursor-4.8.0.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-01.html" +recursor-4.8.1.security-status 60 IN TXT "1 OK" ; Recursor Debian recursor-3.6.2-2.debian.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/" diff --git a/pdns/recursordist/docs/changelog/4.8.rst b/pdns/recursordist/docs/changelog/4.8.rst index c70cdffa94..493542825a 100644 --- a/pdns/recursordist/docs/changelog/4.8.rst +++ b/pdns/recursordist/docs/changelog/4.8.rst @@ -1,6 +1,16 @@ Changelogs for 4.8.X ==================== +.. changelog:: + :version: 4.8.1 + :released: 20th of January 2023 + + .. change:: + :tags: Bug Fixes + :pullreq: 12442 + + Avoid unbounded recursion when retrieving DS records from some misconfigured domains. CVE-2023-22617. + .. changelog:: :version: 4.8.0 :released: 12th of December 2022 
diff --git a/pdns/recursordist/docs/security-advisories/powerdns-advisory-2023-01.rst b/pdns/recursordist/docs/security-advisories/powerdns-advisory-2023-01.rst new file mode 100644 index 0000000000..d9a743b019 --- /dev/null +++ b/pdns/recursordist/docs/security-advisories/powerdns-advisory-2023-01.rst @@ -0,0 +1,16 @@ +PowerDNS Security Advisory 2023-01: unbounded recursion results in program termination +====================================================================================== + +- CVE: CVE-2023-22617 +- Date: 20th of January 2023 +- Affects: PowerDNS Recursor 4.8.0 +- Not affected: PowerDNS Recursor < 4.8.0, PowerDNS Recursor 4.8.1 +- Severity: High +- Impact: Denial of service +- Exploit: This problem can be triggered by a remote attacker with access to the recursor by querying names from specific mis-configured domains +- Risk of system compromise: None +- Solution: Upgrade to patched version + +CVSS 3.0 score: 8.2 (High) +https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:H/RL:U/RC:C +
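Review bot: in docs/secpoll.zone (hunk at @@ -334), the four 4.8.0 pre-release records (alpha1, beta1, beta2, rc1) move to status 3 with "(known vulnerabilities)" but carry no advisory URL, while the 4.8.0 record links powerdns-advisory-2023-01.html. The advisory added in this commit lists only "PowerDNS Recursor 4.8.0" under Affects and "PowerDNS Recursor < 4.8.0" under Not affected, so a reader cannot tell which of the two the pre-releases fall under. If they are affected by CVE-2023-22617, add the same URL to their TXT text and name them in the advisory. If they are flagged only as a precaution, say so in the status text.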
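Review bot: in pdns/recursordist/docs/changelog/4.8.rst, the new 4.8.1 entry names CVE-2023-22617 but does not point to the advisory file added in this same commit. A reference to powerdns-advisory-2023-01 in the change text would let readers get from the changelog to the affected-version list and severity.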
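Review bot: in powerdns-advisory-2023-01.rst, the CVSS vector carries I:L, but the fields above it state "Impact: Denial of service" and "Risk of system compromise: None", and nothing in the text describes an integrity effect. Either explain the integrity impact or set I:N and recompute the score. The file also describes the bug only in its title. A one-sentence description matching the changelog line ("unbounded recursion when retrieving DS records from some misconfigured domains") would help operators judge their exposure.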