Login-Name Passwort


Sicherheit: Mehrere Probleme in knot-resolver
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in knot-resolver
ID: FEDORA-2017-038e821698
Distribution: Fedora
Plattformen: Fedora 25
Datum: Do, 9. März 2017, 16:44
Referenzen: Keine Angabe


Name        : knot-resolver
Product : Fedora 25
Version : 1.2.3
Release : 1.fc25
URL : https://www.knot-resolver.cz/
Summary : Caching full DNS Resolver
Description :
The Knot DNS Resolver is a caching full resolver implementation written in C
and LuaJIT, including both a resolver library and a daemon. Modular
architecture of the library keeps the core tiny and efficient, and provides
a state-machine like API for extensions.

The package is pre-configured as local caching resolver.
To start using it, just start the local DNS socket:

Because of https://bugzilla.redhat.com/show_bug.cgi?id=1366968
you need to switch your system to SELinux permissive mode.

Update Information:

Knot Resolver 1.2.3 (2017-02-23) ================================ Bugfixes
-------- - Disable storing GLUE records into the cache even in the (non-
default) QUERY_PERMISSIVE mode - iterate: skip answer RRs that don't match
query - layer/iterate: some additional processing for referrals - lib/resolve:
zonecut fetching error was fixed Knot Resolver 1.2.2 (2017-02-10)
================================ Bugfixes: --------- - Fix -k argument
processing to avoid out-of-bounds memory accesses - lib/resolve: fix zonecut
fetching for explicit DS queries - hints: more NULL checks - Fix TA
bootstrapping for multiple TAs in the IANA XML file Testing: -------- - Update
tests to run tests with and without QNAME minimization Knot Resolver 1.2.1
(2017-02-01) ==================================== Security: --------- - Under
certain conditions, a cached negative answer from a CD query would be reused
to construct response for non-CD queries, resulting in Insecure status
of Bogus. Only 1.2.0 release was affected. Documentation ------------- -
Update the typo in the documentation: The query trace policy is named
policy.QTRACE (and not policy.TRACE) Bugfixes: --------- - lua: make the map
command check its arguments Knot DNS 2.4.1 (2017-02-10)
=========================== Bugfixes: -------- - Transfer of a huge rrset
into an infinite loop - Huge response over TCP contains useless TC bit instead
of SERVFAIL - Failed to build utilities with disabled daemon - Memory leaks
during keys removal - Rough TSIG packet reservation causes early truncation -
Minor out-of-bounds string termination write in rrset dump - Server crash
during stop if failed to open timers DB - Poor minimum UDP-max-size
configuration check - Failed to receive one-record-per-message IXFR-style AXFR
- Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message
Improvements: ------------- - Speed-up of rdata addition into a huge rrset -
Introduce check of minumum timeout for next refresh - Dnsproxy module can
forward all queries without local resolving ---- Latest upstream release.
Includes bugfixes for DNSSEC key management. ---- Latest upstream versions
with bunch of impotant bugfixes.

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade knot-resolver' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Traut euch!
Neue Nachrichten