Headline
CVE-2019-10163: PowerDNS Authoritative Server 4.0.8 and 4.1.10 Released
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.
June 21, 2019
These are security releases.
The 4.0.8 and 4.1.10 (together with 4.1.9) releases fix the following security advisories:
- PowerDNS Security Advisory 2019-04 (CVE-2019-10162)
- PowerDNS Security Advisory 2019-05 (CVE-2019-10163)
Please also see the 4.0.8 and 4.1.10 changelogs for more details.
The 4.0.8 tarball (signature) and 4.1.10 tarball (signature) are available at downloads.powerdns.com and packages for CentOS 6 and 7, Debian Jessie and Stretch, Ubuntu Trusty, Xenial and Bionic (only for 4.1.10) are available from repo.powerdns.com.
Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.