Created attachment 189992 [details] Update to PowerDNS Recursor 4.1.1 This release contains a fix for a security advisory. Details (and the other changes) can be found here: https://blog.powerdns.com/2018/01/22/powerdns-recursor-4-1-1/ The 4.0.x branch is not vulnerable. Also simplified the Lua/LuaJIT engine choice.
Take.
A commit references this bug: Author: krion Date: Tue Jan 23 11:04:07 UTC 2018 New revision: 459742 URL: https://svnweb.freebsd.org/changeset/ports/459742 Log: Update to version 4.1.1 - Fixes "PowerDNS Security Advisory 2018-01: Insufficient validation of DNSSEC signatures". An issue has been found in the DNSSEC validation component of PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to wrongfully prove the non-existence of a RR below the owner name of that record. This would allow an attacker in position of man-in-the-middle to send a NXDOMAIN answer for a name that does exist. The 4.0.x branch is not vulnerable. - Add support for algo16 and simplify Lua/LuaJIT engine choice. PR: 225397 Submitted by: maintainer Security: CVE-2018-1000003 Changes: head/dns/powerdns-recursor/Makefile head/dns/powerdns-recursor/distinfo
A commit references this bug: Author: krion Date: Tue Jan 23 15:45:26 UTC 2018 New revision: 459779 URL: https://svnweb.freebsd.org/changeset/ports/459779 Log: MFH: r459742 Update to version 4.1.1 - Fixes "PowerDNS Security Advisory 2018-01: Insufficient validation of DNSSEC signatures". An issue has been found in the DNSSEC validation component of PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to wrongfully prove the non-existence of a RR below the owner name of that record. This would allow an attacker in position of man-in-the-middle to send a NXDOMAIN answer for a name that does exist. The 4.0.x branch is not vulnerable. - Add support for algo16 and simplify Lua/LuaJIT engine choice. PR: 225397 Submitted by: maintainer Security: CVE-2018-1000003 Approved by: ports-secteam Changes: _U branches/2018Q1/ branches/2018Q1/dns/powerdns-recursor/Makefile branches/2018Q1/dns/powerdns-recursor/distinfo