Sicherheit: Mehrere Probleme in Knot
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Knot
ID: FEDORA-2017-038e821698
Distribution: Fedora
Plattformen: Fedora 25
Datum: Do, 9. März 2017, 16:42
Referenzen: Keine Angabe
Applikationen: Knot


Name        : knot
Product : Fedora 25
Version : 2.4.1
Release : 1.fc25
URL : http://www.knot-dns.cz
Summary : High-performance authoritative DNS server
Description :
Knot DNS is a high-performance authoritative DNS server implementation.

Update Information:

Knot Resolver 1.2.3 (2017-02-23) ================================ Bugfixes
-------- - Disable storing GLUE records into the cache even in the (non-
default) QUERY_PERMISSIVE mode - iterate: skip answer RRs that don't match
query - layer/iterate: some additional processing for referrals - lib/resolve:
zonecut fetching error was fixed Knot Resolver 1.2.2 (2017-02-10)
================================ Bugfixes: --------- - Fix -k argument
processing to avoid out-of-bounds memory accesses - lib/resolve: fix zonecut
fetching for explicit DS queries - hints: more NULL checks - Fix TA
bootstrapping for multiple TAs in the IANA XML file Testing: -------- - Update
tests to run tests with and without QNAME minimization Knot Resolver 1.2.1
(2017-02-01) ==================================== Security: --------- - Under
certain conditions, a cached negative answer from a CD query would be reused
to construct response for non-CD queries, resulting in Insecure status
of Bogus. Only 1.2.0 release was affected. Documentation ------------- -
Update the typo in the documentation: The query trace policy is named
policy.QTRACE (and not policy.TRACE) Bugfixes: --------- - lua: make the map
command check its arguments Knot DNS 2.4.1 (2017-02-10)
=========================== Bugfixes: -------- - Transfer of a huge rrset
into an infinite loop - Huge response over TCP contains useless TC bit instead
of SERVFAIL - Failed to build utilities with disabled daemon - Memory leaks
during keys removal - Rough TSIG packet reservation causes early truncation -
Minor out-of-bounds string termination write in rrset dump - Server crash
during stop if failed to open timers DB - Poor minimum UDP-max-size
configuration check - Failed to receive one-record-per-message IXFR-style AXFR
- Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message
Improvements: ------------- - Speed-up of rdata addition into a huge rrset -
Introduce check of minumum timeout for next refresh - Dnsproxy module can
forward all queries without local resolving ---- Latest upstream release.
Includes bugfixes for DNSSEC key management. ---- Latest upstream versions
with bunch of impotant bugfixes.

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade knot' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten