Security: Denial of Service in Knot
Name: Denial of Service in Knot
ID: FEDORA-2014-11038
Distribution: Fedora
Platforms: Fedora 20
Date: Sun, 28 September 2014, 12:56
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0486
Applications: Knot

Original message

Name        : knot
Product     : Fedora 20
Version     : 1.5.3
Release     : 1.fc20
URL         : http://www.knot-dns.cz
Summary     : An authoritative DNS daemon
Description :
Knot DNS is a high-performance authoritative DNS server implementation.

--------------------------------------------------------------------------------
Update Information:

New upstream release (1.5.3):

- fix crash on specific incoming IXFR message
- fix rare synchronization error during server reload
- fix crash in reverse record synthesis module on DNSSEC signed zones
- fix message ID and opcode for AXFR-style IXFR responses
- fix sending of large responses to remote control commands

New upstream release:

- CVE-2014-0486: remote crash using crafted DNS message
- transfers: do not refuse AXFR answers to IXFR queries
- fix storing of hash character '#' in zone file

--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 15 2014 Jan Vcelak <jvcelak@fedoraproject.org> 1.5.3-1
- new upstream release:
+ fix crash on specific incoming IXFR message
+ fix rare synchronization error during server reload
+ fix crash in reverse record synthesis module on DNSSEC signed zones
+ fix message ID and opcode for AXFR-style IXFR responses
+ fix sending of large responses to remote control commands
* Mon Sep 8 2014 Jan Vcelak <jvcelak@fedoraproject.org> 1.5.2-1
- new upstream release:
+ CVE-2014-0486: remote crash using crafted DNS message
+ transfers: do not refuse AXFR answers to IXFR queries
+ fix storing of hash character '#' in zone file
* Tue Aug 19 2014 Jan Vcelak <jvcelak@fedoraproject.org> 1.5.1-1
- new upstream release:
+ logging: unified logging messages
+ logging: support for systemd journal
+ DDNS: processing updates in bulk
+ DDNS: fix signing of responses with TSIG
+ DDNS: fix prerequisites checking in apex node
+ DNSSEC: fix domain names conversion to canonical format before signing
+ DNSSEC: semantic checks for signing keys
+ EDNS: fix inclusion of OPT record into some packets
+ knsupdate: fix use of zone origin for deletions
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Thu Jul 10 2014 Jan Vcelak <jvcelak@fedoraproject.org> 1.5.0-1
- update to 1.5.0
+ reimplemented DDNS forwarding
+ transfer sizes logged in bytes
+ logging of outgoing/incoming NOTIFY messages
+ zone flush planning after bootstrap
+ DDNS signing changes freeing
+ knotc key handling
- update to 1.5.0-rc2
+ edns-client-subnet support in kdig
+ optional asynchronous startup (config 'asynchronous-start')
+ preempt task queue for faster reload
+ lazy zone file write after zone transfer (config 'zonefile-sync')
+ close zone transfer after SERVFAIL response
+ incremental to full zone transfer fallback, wrong log message
+ zone events corner cases, reload replanning
- update to 1.5.0-rc1
+ Pluggable query processing modules
+ Synthetic IPv4/IPv6 reverse/forward records (optional module)
+ Dnstap support in both utilities & server (optional module)
+ NOTIFY message support and new TSIG section in kdig
+ Multi-master support
+ Query processing and core functionality overhaul
+ Performance and reduced memory footprint
+ Faster zone events scheduling
+ RFC compliant queries/responses in some corner cases
+ Log messages
+ New documentation (Sphinx)
- enabled dynamic linking
- removed info pages
* Wed Jun 18 2014 Jan Vcelak <jvcelak@fedoraproject.org> 1.4.7-1
- update to 1.4.7
+ Fixed DDNS corner cases
+ Fixed zone EXPIRE timer
+ Fixed semantic checks false positives
+ Fixed sending malformed IXFR with automatic DNSSEC
+ Fixed NAPTR record serialization
* Thu May 22 2014 Jan Vcelak <jvcelak@fedoraproject.org> 1.4.6-2
- update to 1.4.6
+ DNSSEC: fix possible signing loop when doing key rollover
+ RRL: fixed sending of malformed UDP empty responses
* Mon Apr 14 2014 Jan Vcelak <jvcelak@fedoraproject.org> 1.4.5-1
- update to 1.4.5
+ fix weakness in TSIG digest checking
* Thu Mar 27 2014 Jan Vcelak <jvcelak@fedoraproject.org> 1.4.4-1
- update to 1.4.4
+ server is logging remote control commands
+ 'knotc reload' doesn't refresh unchanged zones
+ 'knotc -f refresh' forces zone retransfer
+ missing notifications after DDNS/automatic resign
+ zone is rebootstrapped if the zone file is unreadable
+ progressive bootstrap retry backoff
+ zone file parser allows asterisk as part of the label
+ journal maximum entry size fixes
+ sign DNSKEYs in non-apex nodes as regular RR sets
+ various spelling and typo fixes
* Tue Feb 18 2014 Jan Vcelak <jvcelak@fedoraproject.org> 1.4.3-1
- update to 1.4.3
+ DNSSEC: fixes in authenticated denial proofs
+ zone parser: case insensitive comparison of $ORIGIN
+ journal: fix corruption if zone loading fails
+ config: add support for includes of directories
* Wed Feb 12 2014 Jan Vcelak <jvcelak@fedoraproject.org> 1.4.2-3
- rebuild with new userspace-rcu
* Mon Jan 27 2014 Jan Vcelak <jvcelak@fedoraproject.org> 1.4.2-2
- enable IDN support in domain names
* Mon Jan 27 2014 Jan Vcelak <jvcelak@fedoraproject.org> 1.4.2-1
- update to 1.4.2
* Mon Jan 13 2014 Jan Vcelak <jvcelak@fedoraproject.org> 1.4.1-1
- update to 1.4.1
* Mon Jan 6 2014 Jan Vcelak <jvcelak@fedoraproject.org> 1.4.0-1
- update to 1.4.0
* Fri Dec 13 2013 Jan Vcelak <jvcelak@fedoraproject.org> 1.4.0-0.2.rc2
- update to 1.4.0-rc2
* Tue Nov 26 2013 Jan Vcelak <jvcelak@fedoraproject.org> 1.4.0-0.1.rc1
- update to 1.4.0-rc1
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update knot' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce