--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-df53d02da7
2017-03-20 22:11:58.760895
--------------------------------------------------------------------------------

Name        : knot-resolver
Product     : Fedora 25
Version     : 1.2.4
Release     : 1.fc25
URL         : https://www.knot-resolver.cz/
Summary     : Caching full DNS Resolver
Description :
The Knot DNS Resolver is a caching full resolver implementation written in C
and LuaJIT, including both a resolver library and a daemon. Modular
architecture of the library keeps the core tiny and efficient, and provides
a state-machine like API for extensions.

The package is pre-configured as a local caching resolver.
To start using it, just start the local DNS socket:


BEWARE:
Because of https://bugzilla.redhat.com/show_bug.cgi?id=1366968
you need to switch your system to SELinux permissive mode.

--------------------------------------------------------------------------------
Update Information:

new upstream release

- security: Knot Resolver 1.2.0 and higher could return AD flag for insecure
  answer if the daemon received answer with invalid RRSIG several times in a
  row.
- fix: layer/iterate: some improvements in cname chain unrolling
- fix: layer/validate: fix duplicate records in AUTHORITY section in case of
  WC expansion proof
- fix: lua: do *not* truncate cache size to unsigned
- fix: forwarding mode: correctly forward +cd flag
- fix: fix a potential memory leak
- fix: don't treat answers that contain DS non-existence proof as insecure
- fix: don't store NSEC3 and their signatures in the cache
- fix: layer/iterate: when processing delegations, check if qname is at or
  below new authority
- enhancement: modules/policy: allow QTRACE policy to be chained with other
  policies
- enhancement: hints.add_hosts(path): a new property
- enhancement: module: document the API and simplify the code
- enhancement: policy.MIRROR: support IPv6 link-local addresses
- enhancement: policy.FORWARD: support IPv6 link-local addresses
- enhancement: add net.outgoing_{v4,v6} to allow specifying address to use for
  connections
--------------------------------------------------------------------------------
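
The security item above concerns the AD flag appearing on answers that failed validation after several identical queries. The following check is an added example, not code from Fedora or the Knot Resolver project: it repeats one DNSSEC-enabled query and reports which responses carry AD. All function names are hypothetical, the sample responses are constructed, and the operator must supply a test name whose signatures are known to be invalid.

```python
import socket
import struct

AD_BIT = 0x0020      # Authenticated Data flag in the DNS header
QR_BIT = 0x8000      # set on responses
RCODE_MASK = 0x000F

def build_query(qname, qid, qtype=1):
    """DNS query with RD set plus an EDNS0 OPT record carrying DO=1."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)
    # OPT RR: root owner, type 41, UDP size 4096, ext-rcode 0, version 0, DO, rdlen 0
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 4096, 0, 0, 0x8000, 0)
    return header + question + opt

def parse_flags(message):
    """Decode the id, QR, AD and RCODE fields of a DNS message header."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    qid, flags = struct.unpack("!HH", message[:4])
    return {"id": qid, "qr": bool(flags & QR_BIT),
            "ad": bool(flags & AD_BIT), "rcode": flags & RCODE_MASK}

def responses_with_ad(responses):
    """Indexes of responses that carry AD. For a name whose signatures are
    known to be invalid, any hit means the resolver vouched for bad data."""
    hits = []
    for i, raw in enumerate(responses):
        f = parse_flags(raw)
        if f["qr"] and f["ad"]:
            hits.append(i)
    return hits

def probe(resolver_ip, qname, attempts=5, timeout=3.0):
    """Ask the same question several times in a row, as the advisory describes."""
    out = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for i in range(attempts):
            s.sendto(build_query(qname, 0x1000 + i), (resolver_ip, 53))
            out.append(s.recvfrom(4096)[0])
    return out

# Constructed header-only responses: two SERVFAILs, then NOERROR with AD set.
SAMPLE = [struct.pack("!HHHHHH", 0x1000 + i, fl, 1, 0, 0, 0)
          for i, fl in enumerate((0x8182, 0x8182, 0x81A0))]

if __name__ == "__main__":
    print(responses_with_ad(SAMPLE))
```

Against a live resolver, pass the result of `probe("127.0.0.1", <name with invalid signatures>)` to `responses_with_ad`; an empty list is the expected result on a fixed version.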

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade knot-resolver' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Fedora 25: knot-resolver Security Update

March 21, 2017