--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2018-389bc4e911
2018-05-09 21:21:50.031636
--------------------------------------------------------------------------------Name        : knot-resolver
Product     : Fedora 28
Version     : 2.3.0
Release     : 1.fc28
URL         : https://www.knot-resolver.cz/
Summary     : Caching full DNS Resolver
Description :
The Knot DNS Resolver is a caching full resolver implementation written in C
and LuaJIT, including both a resolver library and a daemon. Modular
architecture of the library keeps the core tiny and efficient, and provides
a state-machine like API for extensions.

The package is pre-configured as local caching resolver.
To start using it, start a single kresd instance:
$ systemctl start kresd@1.service

--------------------------------------------------------------------------------Update Information:

Knot Resolver 2.3.0 (2018-04-23) ================================  Security
-------- - fix CVE-2018-1110: denial of service triggered by malformed DNS
messages   (!550, !558, security!2, security!4) - increase resilience against
slow lorris attack (security!5)  Bugfixes -------- - validation: fix SERVFAIL in
case of CNAME to NXDOMAIN in a single zone (!538) - validation: fix SERVFAIL for
DS . query (!544) - lib/resolve: don't send unecessary queries to parent zone
(!513) - iterate: fix validation for zones where parent and child share NS
(!543) - TLS: improve error handling and documentation (!536, !555, !559)
Improvements ------------ - prefill: new module to periodically import root zone
into cache   (replacement for RFC 7706, !511) - network_listen_fd: always create
end point for supervisor supplied file descriptor - use CPPFLAGS build
environment variable if set (!547)
--------------------------------------------------------------------------------ChangeLog:

* Mon Apr 23 2018 Tomas Krizek  - 2.3.0-1
Knot Resolver 2.3.0 (2018-04-23)
===============================
Security
--------- fix CVE-2018-1110: denial of service triggered by malformed DNS messages
  (!550, !558, security!2, security!4)
- increase resilience against slow lorris attack (security!5)

Bugfixes
--------- validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone (!538)
- validation: fix SERVFAIL for DS . query (!544)
- lib/resolve: don't send unecessary queries to parent zone (!513)
- iterate: fix validation for zones where parent and child share NS (!543)
- TLS: improve error handling and documentation (!536, !555, !559)

Improvements
------------- prefill: new module to periodically import root zone into cache
  (replacement for RFC 7706, !511)
- network_listen_fd: always create end point for supervisor supplied file descriptor
- use CPPFLAGS build environment variable if set (!547)
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-389bc4e911' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora 28: knot-resolver Security Update

May 9, 2018
Knot Resolver 2.3.0 (2018-04-23) -------- - fix CVE-2018-1110: denial of service triggered by malformed DNS messages (!550, !558, security!2, security!4) - increase resilience aga...

Summary

The Knot DNS Resolver is a caching full resolver implementation written in C

and LuaJIT, including both a resolver library and a daemon. Modular

architecture of the library keeps the core tiny and efficient, and provides

a state-machine like API for extensions.

The package is pre-configured as local caching resolver.

To start using it, start a single kresd instance:

$ systemctl start kresd@1.service

Knot Resolver 2.3.0 (2018-04-23) ================================ Security

-------- - fix CVE-2018-1110: denial of service triggered by malformed DNS

messages (!550, !558, security!2, security!4) - increase resilience against

slow lorris attack (security!5) Bugfixes -------- - validation: fix SERVFAIL in

case of CNAME to NXDOMAIN in a single zone (!538) - validation: fix SERVFAIL for

DS . query (!544) - lib/resolve: don't send unecessary queries to parent zone

(!513) - iterate: fix validation for zones where parent and child share NS

(!543) - TLS: improve error handling and documentation (!536, !555, !559)

Improvements ------------ - prefill: new module to periodically import root zone

into cache (replacement for RFC 7706, !511) - network_listen_fd: always create

end point for supervisor supplied file descriptor - use CPPFLAGS build

environment variable if set (!547)

* Mon Apr 23 2018 Tomas Krizek - 2.3.0-1

Knot Resolver 2.3.0 (2018-04-23)

===============================

Security

--------- fix CVE-2018-1110: denial of service triggered by malformed DNS messages

(!550, !558, security!2, security!4)

- increase resilience against slow lorris attack (security!5)

Bugfixes

--------- validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone (!538)

- validation: fix SERVFAIL for DS . query (!544)

- lib/resolve: don't send unecessary queries to parent zone (!513)

- iterate: fix validation for zones where parent and child share NS (!543)

- TLS: improve error handling and documentation (!536, !555, !559)

Improvements

------------- prefill: new module to periodically import root zone into cache

(replacement for RFC 7706, !511)

- network_listen_fd: always create end point for supervisor supplied file descriptor

- use CPPFLAGS build environment variable if set (!547)

su -c 'dnf upgrade --advisory FEDORA-2018-389bc4e911' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

FEDORA-2018-389bc4e911 2018-05-09 21:21:50.031636 Product : Fedora 28 Version : 2.3.0 Release : 1.fc28 URL : https://www.knot-resolver.cz/ Summary : Caching full DNS Resolver Description : The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as local caching resolver. To start using it, start a single kresd instance: $ systemctl start kresd@1.service Knot Resolver 2.3.0 (2018-04-23) ================================ Security -------- - fix CVE-2018-1110: denial of service triggered by malformed DNS messages (!550, !558, security!2, security!4) - increase resilience against slow lorris attack (security!5) Bugfixes -------- - validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone (!538) - validation: fix SERVFAIL for DS . query (!544) - lib/resolve: don't send unecessary queries to parent zone (!513) - iterate: fix validation for zones where parent and child share NS (!543) - TLS: improve error handling and documentation (!536, !555, !559) Improvements ------------ - prefill: new module to periodically import root zone into cache (replacement for RFC 7706, !511) - network_listen_fd: always create end point for supervisor supplied file descriptor - use CPPFLAGS build environment variable if set (!547) * Mon Apr 23 2018 Tomas Krizek - 2.3.0-1 Knot Resolver 2.3.0 (2018-04-23) =============================== Security --------- fix CVE-2018-1110: denial of service triggered by malformed DNS messages (!550, !558, security!2, security!4) - increase resilience against slow lorris attack (security!5) Bugfixes --------- validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone (!538) - validation: fix SERVFAIL for DS . query (!544) - lib/resolve: don't send unecessary queries to parent zone (!513) - iterate: fix validation for zones where parent and child share NS (!543) - TLS: improve error handling and documentation (!536, !555, !559) Improvements ------------- prefill: new module to periodically import root zone into cache (replacement for RFC 7706, !511) - network_listen_fd: always create end point for supervisor supplied file descriptor - use CPPFLAGS build environment variable if set (!547) su -c 'dnf upgrade --advisory FEDORA-2018-389bc4e911' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
Product : Fedora 28
Version : 2.3.0
Release : 1.fc28
URL : https://www.knot-resolver.cz/
Summary : Caching full DNS Resolver

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved