drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in knot-resolver
Name: |
Denial of Service in knot-resolver |
|
ID: |
FEDORA-2018-389bc4e911 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 28 |
|
Datum: |
Do, 10. Mai 2018, 12:06 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1110 |
|
Applikationen: |
Knot DNS |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2018-389bc4e911 2018-05-09 21:21:50.031636 ------------------------------------------------------------------------------- -
Name : knot-resolver Product : Fedora 28 Version : 2.3.0 Release : 1.fc28 URL : https://www.knot-resolver.cz/ Summary : Caching full DNS Resolver Description : The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions.
The package is pre-configured as local caching resolver. To start using it, start a single kresd instance: $ systemctl start kresd@1.service
------------------------------------------------------------------------------- - Update Information:
Knot Resolver 2.3.0 (2018-04-23) ================================ Security -------- - fix CVE-2018-1110: denial of service triggered by malformed DNS messages (!550, !558, security!2, security!4) - increase resilience against slow lorris attack (security!5) Bugfixes -------- - validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone (!538) - validation: fix SERVFAIL for DS . query (!544) - lib/resolve: don't send unecessary queries to parent zone (!513) - iterate: fix validation for zones where parent and child share NS (!543) - TLS: improve error handling and documentation (!536, !555, !559) Improvements ------------ - prefill: new module to periodically import root zone into cache (replacement for RFC 7706, !511) - network_listen_fd: always create end point for supervisor supplied file descriptor - use CPPFLAGS build environment variable if set (!547) ------------------------------------------------------------------------------- - ChangeLog:
* Mon Apr 23 2018 Tomas Krizek <tomas.krizek@nic.cz> - 2.3.0-1 Knot Resolver 2.3.0 (2018-04-23) ================================
Security -------- - fix CVE-2018-1110: denial of service triggered by malformed DNS messages (!550, !558, security!2, security!4) - increase resilience against slow lorris attack (security!5)
Bugfixes -------- - validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone (!538) - validation: fix SERVFAIL for DS . query (!544) - lib/resolve: don't send unecessary queries to parent zone (!513) - iterate: fix validation for zones where parent and child share NS (!543) - TLS: improve error handling and documentation (!536, !555, !559)
Improvements ------------ - prefill: new module to periodically import root zone into cache (replacement for RFC 7706, !511) - network_listen_fd: always create end point for supervisor supplied file descriptor - use CPPFLAGS build environment variable if set (!547) ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-389bc4e911' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
|
|
|
|