Login
Newsletter
Werbung

Sicherheit: Denial of Service in knot-resolver
Aktuelle Meldungen Distributionen
Name: Denial of Service in knot-resolver
ID: FEDORA-2018-389bc4e911
Distribution: Fedora
Plattformen: Fedora 28
Datum: Do, 10. Mai 2018, 12:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1110

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2018-389bc4e911
2018-05-09 21:21:50.031636
-------------------------------------------------------------------------------
-

Name : knot-resolver
Product : Fedora 28
Version : 2.3.0
Release : 1.fc28
URL : https://www.knot-resolver.cz/
Summary : Caching full DNS Resolver
Description :
The Knot DNS Resolver is a caching full resolver implementation written in C
and LuaJIT, including both a resolver library and a daemon. Modular
architecture of the library keeps the core tiny and efficient, and provides
a state-machine like API for extensions.

The package is pre-configured as local caching resolver.
To start using it, start a single kresd instance:
$ systemctl start kresd@1.service

-------------------------------------------------------------------------------
-
Update Information:

Knot Resolver 2.3.0 (2018-04-23) ================================ Security
-------- - fix CVE-2018-1110: denial of service triggered by malformed DNS
messages (!550, !558, security!2, security!4) - increase resilience against
slow lorris attack (security!5) Bugfixes -------- - validation: fix SERVFAIL
in
case of CNAME to NXDOMAIN in a single zone (!538) - validation: fix SERVFAIL
for
DS . query (!544) - lib/resolve: don't send unecessary queries to parent
zone
(!513) - iterate: fix validation for zones where parent and child share NS
(!543) - TLS: improve error handling and documentation (!536, !555, !559)
Improvements ------------ - prefill: new module to periodically import root
zone
into cache (replacement for RFC 7706, !511) - network_listen_fd: always
create
end point for supervisor supplied file descriptor - use CPPFLAGS build
environment variable if set (!547)
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Apr 23 2018 Tomas Krizek <tomas.krizek@nic.cz> - 2.3.0-1
Knot Resolver 2.3.0 (2018-04-23)
================================

Security
--------
- fix CVE-2018-1110: denial of service triggered by malformed DNS messages
(!550, !558, security!2, security!4)
- increase resilience against slow lorris attack (security!5)

Bugfixes
--------
- validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone (!538)
- validation: fix SERVFAIL for DS . query (!544)
- lib/resolve: don't send unecessary queries to parent zone (!513)
- iterate: fix validation for zones where parent and child share NS (!543)
- TLS: improve error handling and documentation (!536, !555, !559)

Improvements
------------
- prefill: new module to periodically import root zone into cache
(replacement for RFC 7706, !511)
- network_listen_fd: always create end point for supervisor supplied file
descriptor
- use CPPFLAGS build environment variable if set (!547)
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-389bc4e911' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung