Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in knot-resolver
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in knot-resolver
ID: FEDORA-2017-038e821698
Distribution: Fedora
Plattformen: Fedora 25
Datum: Do, 9. März 2017, 16:44
Referenzen: Keine Angabe
Applikationen: Knot DNS

Originalnachricht

Name        : knot-resolver
Product : Fedora 25
Version : 1.2.3
Release : 1.fc25
URL : https://www.knot-resolver.cz/
Summary : Caching full DNS Resolver
Description :
The Knot DNS Resolver is a caching full resolver implementation written in C
and LuaJIT, including both a resolver library and a daemon. Modular
architecture of the library keeps the core tiny and efficient, and provides
a state-machine like API for extensions.

The package is pre-configured as local caching resolver.
To start using it, just start the local DNS socket:


BEWARE:
Because of https://bugzilla.redhat.com/show_bug.cgi?id=1366968
you need to switch your system to SELinux permissive mode.

-------------------------------------------------------------------------------
-
Update Information:

Knot Resolver 1.2.3 (2017-02-23) ================================ Bugfixes
-------- - Disable storing GLUE records into the cache even in the (non-
default) QUERY_PERMISSIVE mode - iterate: skip answer RRs that don't match
the
query - layer/iterate: some additional processing for referrals - lib/resolve:
zonecut fetching error was fixed Knot Resolver 1.2.2 (2017-02-10)
================================ Bugfixes: --------- - Fix -k argument
processing to avoid out-of-bounds memory accesses - lib/resolve: fix zonecut
fetching for explicit DS queries - hints: more NULL checks - Fix TA
bootstrapping for multiple TAs in the IANA XML file Testing: -------- - Update
tests to run tests with and without QNAME minimization Knot Resolver 1.2.1
(2017-02-01) ==================================== Security: --------- - Under
certain conditions, a cached negative answer from a CD query would be reused
to construct response for non-CD queries, resulting in Insecure status
instead
of Bogus. Only 1.2.0 release was affected. Documentation ------------- -
Update the typo in the documentation: The query trace policy is named
policy.QTRACE (and not policy.TRACE) Bugfixes: --------- - lua: make the map
command check its arguments Knot DNS 2.4.1 (2017-02-10)
=========================== Bugfixes: -------- - Transfer of a huge rrset
goes
into an infinite loop - Huge response over TCP contains useless TC bit instead
of SERVFAIL - Failed to build utilities with disabled daemon - Memory leaks
during keys removal - Rough TSIG packet reservation causes early truncation -
Minor out-of-bounds string termination write in rrset dump - Server crash
during stop if failed to open timers DB - Poor minimum UDP-max-size
configuration check - Failed to receive one-record-per-message IXFR-style AXFR
- Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message
Improvements: ------------- - Speed-up of rdata addition into a huge rrset -
Introduce check of minumum timeout for next refresh - Dnsproxy module can
forward all queries without local resolving ---- Latest upstream release.
Includes bugfixes for DNSSEC key management. ---- Latest upstream versions
with bunch of impotant bugfixes.
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade knot-resolver' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung