--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-5812
2015-04-09 04:56:35
--------------------------------------------------------------------------------

Name        : knot
Product     : Fedora 20
Version     : 1.6.3
Release     : 1.fc20
URL         : https://www.knot-dns.cz/
Summary     : An authoritative DNS daemon
Description :
Knot DNS is a high-performance authoritative DNS server implementation.

--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Jan Vcelak  1.6.3-1
- new upstream release:
  + fix: performance drop for NSEC-signed zones
  + fix: proper handling of TCP short-writes
  + fix: possible out-of-bound reads in zone parser and packet parser
  + feature: CDS and CDNSKEY support in zone parser
  + improvement: add defaults for TCP config options into documentation
  + improvement: detailed error message if zone reload fails
* Thu Feb 19 2015 Jan Vcelak  1.6.2-1
- new upstream release:
  + new config option 'max-tcp-clients'
  + fix possible resource leak when terminating inactive TCP clients
* Tue Jan 20 2015 Jan Vcelak  1.6.1-3
- service file changes:
  + remove dependency on network.target
  + remove bounding capabilities (breaks reload)
* Sat Dec 13 2014 Jan Vcelak  1.6.1-2
- new upstream release:
  + DNSSEC: support for Single-Type Signing Scheme
  + fix: journal file growing over configured limit
- service file changes:
  + run as 'knot' user and group
  + set security bounding capabilities
  + change Type to 'notify'
* Thu Oct 30 2014 Jan Vcelak  1.6.0-2
- default config: run server as unprivileged user
- service file: remove useless startup dependencies
- service file: add bounding capabilities
* Thu Oct 23 2014 Jan Vcelak  1.6.0-1
- new upstream release:
  + support for persistent zone timers (expire, refresh, and flush)
  + DNSSEC: RFC-compliant processing of letter case in RDATA domain names
  + EDNS: return minimal response for queries with unsupported version
  + EDNS: fix interpretation of Extended RCODE
  + transfers: fix forced zone retransfer
  + timers: properly expire zone when transfer is being refused by master
* Mon Sep 15 2014 Jan Vcelak  1.5.3-1
- new upstream release:
  + fix crash on specific incoming IXFR message
  + fix rare synchronization error during server reload
  + fix crash in reverse record synthesis module on DNSSEC signed zones
  + fix message ID and opcode for AXFR-style IXFR responses
  + fix sending of large responses to remote control commands
* Mon Sep  8 2014 Jan Vcelak  1.5.2-1
- new upstream release:
  + CVE-2014-0486: remote crash using crafted DNS message
  + transfers: do not refuse AXFR answers to IXFR queries
  + fix storing of hash character '#' in zone file
* Tue Aug 19 2014 Jan Vcelak  1.5.1-1
- new upstream release:
  + logging: unified logging messages
  + logging: support for systemd journal
  + DDNS: processing updates in bulk
  + DDNS: fix signing of responses with TSIG
  + DDNS: fix prerequisites checking in apex node
  + DNSSEC: fix domain names conversion to canonical format before signing
  + DNSSEC: semantic checks for signing keys
  + EDNS: fix inclusion of OPT record into some packets
  + knsupdate: fix use of zone origin for deletions
* Sun Aug 17 2014 Fedora Release Engineering  - 1.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Thu Jul 10 2014 Jan Vcelak  1.5.0-1
- update to 1.5.0
  + reimplemented DDNS forwarding
  + transfer sizes logged in bytes
  + logging of outgoing/incoming NOTIFY messages
  + zone flush planning after bootstrap
  + DDNS signing changes freeing
  + knotc key handling
- update to 1.5.0-rc2
  + edns-client-subnet support in kdig
  + optional asynchronous startup (config 'asynchronous-start')
  + preempt task queue for faster reload
  + lazy zone file write after zone transfer (config 'zonefile-sync')
  + close zone transfer after SERVFAIL response
  + incremental to full zone transfer fallback, wrong log message
  + zone events corner cases, reload replanning
- update to 1.5.0-rc1
  + Pluggable query processing modules
  + Synthetic IPv4/IPv6 reverse/forward records (optional module)
  + Dnstap support in both utilities & server (optional module)
  + NOTIFY message support and new TSIG section in kdig
  + Multi-master support
  + Query processing and core functionality overhaul
  + Performance and reduced memory footprint
  + Faster zone events scheduling
  + RFC compliant queries/responses in some corner cases
  + Log messages
  + New documentation (Sphinx)
- enabled dynamic linking
- removed info pages
* Wed Jun 18 2014 Jan Vcelak  1.4.7-1
- update to 1.4.7
  + Fixed DDNS corner cases
  + Fixed zone EXPIRE timer
  + Fixed semantic checks false positives
  + Fixed sending malformed IXFR with automatic DNSSEC
  + Fixed NAPTR record serialization
* Thu May 22 2014 Jan Vcelak  1.4.6-2
- update to 1.4.6
  + DNSSEC: fix possible signing loop when doing key rollover
  + RRL: fixed sending of malformed UDP empty responses
* Mon Apr 14 2014 Jan Vcelak  1.4.5-1
- update to 1.4.5
  + fix weakness in TSIG digest checking
* Thu Mar 27 2014 Jan Vcelak  1.4.4-1
- update to 1.4.4
  + server is logging remote control commands
  + 'knotc reload' doesn't refresh unchanged zones
  + 'knotc -f refresh' forces zone retransfer
  + missing notifications after DDNS/automatic resign
  + zone is rebootstrapped if the zone file is unreadable
  + progressive bootstrap retry backoff
  + zone file parser allows asterisk as part of the label
  + journal maximum entry size fixes
  + sign DNSKEYs in non-apex nodes as regular RR sets
  + various spelling and typo fixes
* Tue Feb 18 2014 Jan Vcelak  1.4.3-1
- update to 1.4.3
  + DNSSEC: fixes in authenticated denial proofs
  + zone parser: case insensitive comparison of $ORIGIN
  + journal: fix corruption if zone loading fails
  + config: add support for includes of directories
* Wed Feb 12 2014 Jan Vcelak  1.4.2-3
- rebuild with new userspace-rcu
* Mon Jan 27 2014 Jan Vcelak  1.4.2-2
- enable IDN support in domain names
* Mon Jan 27 2014 Jan Vcelak  1.4.2-1
- update to 1.4.2
* Mon Jan 13 2014 Jan Vcelak  1.4.1-1
- update to 1.4.1
* Mon Jan  6 2014 Jan Vcelak  1.4.0-1
- update to 1.4.0
* Fri Dec 13 2013 Jan Vcelak  1.4.0-0.2.rc2
- update to 1.4.0-rc2
* Tue Nov 26 2013 Jan Vcelak  1.4.0-0.1.rc1
- update to 1.4.0-rc1
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update knot' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Fedora 20: knot Security Update

April 18, 2015
new upstream release

Summary

Knot DNS is a high-performance authoritative DNS server implementation.

Update Information:

new upstream release

Change Log

* Wed Apr 8 2015 Jan Vcelak 1.6.3-1 - new upstream release: + fix: performance drop for NSEC-signed zones + fix: proper handling of TCP short-writes + fix: possible out-of-bound reads in zone parser and packet parser + feature: CDS and CDNSKEY support in zone parser + improvement: add defaults for TCP config options into documentation + improvement: detailed error message if zone reload fails * Thu Feb 19 2015 Jan Vcelak 1.6.2-1 - new upstream release: + new config option 'max-tcp-clients' + fix possible resource leak when terminating inactive TCP clients * Tue Jan 20 2015 Jan Vcelak 1.6.1-3 - service file changes: + remove dependency on network.target + remove bounding capabilities (breaks reload) * Sat Dec 13 2014 Jan Vcelak 1.6.1-2 - new upstream release: + DNSSEC: support for Single-Type Signing Scheme + fix: journal file growing over configured limit - service file changes: + run as 'knot' user and group + set security bounding capabilities + change Type to 'notify' * Thu Oct 30 2014 Jan Vcelak 1.6.0-2 - default config: run server as unprivileged user - service file: remove useless startup dependencies - service file: add bounding capabilities * Thu Oct 23 2014 Jan Vcelak 1.6.0-1 - new upstream release: + support for persistent zone timers (expire, refresh, and flush) + DNSSEC: RFC-compliant processing of letter case in RDATA domain names + EDNS: return minimal response for queries with unsupported version + EDNS: fix interpretation of Extended RCODE + transfers: fix forced zone retransfer + timers: properly expire zone when transfer is being refused by master * Mon Sep 15 2014 Jan Vcelak 1.5.3-1 - new upstream release: + fix crash on specific incoming IXFR message + fix rare synchronization error during server reload + fix crash in reverse record synthesis module on DNSSEC signed zones + fix message ID and opcode for AXFR-style IXFR responses + fix sending of large responses to remote control commands * Mon Sep 8 2014 Jan Vcelak 1.5.2-1 - new upstream release: + CVE-2014-0486: remote crash using crafted DNS message + transfers: do not refuse AXFR answers to IXFR queries + fix storing of hash character '#' in zone file * Tue Aug 19 2014 Jan Vcelak 1.5.1-1 - new upstream release: + logging: unified logging messages + logging: support for systemd journal + DDNS: processing updates in bulk + DDNS: fix signing of responses with TSIG + DDNS: fix prerequisites checking in apex node + DNSSEC: fix domain names conversion to canonical format before signing + DNSSEC: semantic checks for signing keys + EDNS: fix inclusion of OPT record into some packets + knsupdate: fix use of zone origin for deletions * Sun Aug 17 2014 Fedora Release Engineering - 1.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Thu Jul 10 2014 Jan Vcelak 1.5.0-1 - update to 1.5.0 + reimplemented DDNS forwarding + transfer sizes logged in bytes + logging of outgoing/incoming NOTIFY messages + zone flush planning after bootstrap + DDNS signing changes freeing + knotc key handling - update to 1.5.0-rc2 + edns-client-subnet support in kdig + optional asynchronous startup (config 'asynchronous-start') + preempt task queue for faster reload + lazy zone file write after zone transfer (config 'zonefile-sync') + close zone transfer after SERVFAIL response + incremental to full zone transfer fallback, wrong log message + zone events corner cases, reload replanning - update to 1.5.0-rc1 + Pluggable query processing modules + Synthetic IPv4/IPv6 reverse/forward records (optional module) + Dnstap support in both utilities & server (optional module) + NOTIFY message support and new TSIG section in kdig + Multi-master support + Query processing and core functionality overhaul + Performance and reduced memory footprint + Faster zone events scheduling + RFC compliant queries/responses in some corner cases + Log messages + New documentation (Sphinx) - enabled dynamic linking - removed info pages * Wed Jun 18 2014 Jan Vcelak 1.4.7-1 - update to 1.4.7 + Fixed DDNS corner cases + Fixed zone EXPIRE timer + Fixed semantic checks false positives + Fixed sending malformed IXFR with automatic DNSSEC + Fixed NAPTR record serialization * Thu May 22 2014 Jan Vcelak 1.4.6-2 - update to 1.4.6 + DNSSEC: fix possible signing loop when doing key rollover + RRL: fixed sending of malformed UDP empty responses * Mon Apr 14 2014 Jan Vcelak 1.4.5-1 - update to 1.4.5 + fix weakness in TSIG digest checking * Thu Mar 27 2014 Jan Vcelak 1.4.4-1 - update to 1.4.4 + server is logging remote control commands + 'knotc reload' doesn't refresh unchanged zones + 'knotc -f refresh' forces zone retransfer + missing notifications after DDNS/automatic resign + zone is rebootstrapped if the zone file is unreadable + progressive bootstrap retry backoff + zone file parser allows asterisk as part of the label + journal maximum entry size fixes + sign DNSKEYs in non-apex nodes as regular RR sets + various spelling and typo fixes * Tue Feb 18 2014 Jan Vcelak 1.4.3-1 - update to 1.4.3 + DNSSEC: fixes in authenticated denial proofs + zone parser: case insensitive comparison of $ORIGIN + journal: fix corruption if zone loading fails + config: add support for includes of directories * Wed Feb 12 2014 Jan Vcelak 1.4.2-3 - rebuild with new userspace-rcu * Mon Jan 27 2014 Jan Vcelak 1.4.2-2 - enable IDN support in domain names * Mon Jan 27 2014 Jan Vcelak 1.4.2-1 - update to 1.4.2 * Mon Jan 13 2014 Jan Vcelak 1.4.1-1 - update to 1.4.1 * Mon Jan 6 2014 Jan Vcelak 1.4.0-1 - update to 1.4.0 * Fri Dec 13 2013 Jan Vcelak 1.4.0-0.2.rc2 - update to 1.4.0-rc2 * Tue Nov 26 2013 Jan Vcelak 1.4.0-0.1.rc1 - update to 1.4.0-rc1

References

Fedora Update Notification FEDORA-2015-5812 2015-04-09 04:56:35 Name : knot Product : Fedora 20 Version : 1.6.3 Release : 1.fc20 URL : https://www.knot-dns.cz/ Summary : An authoritative DNS daemon Description : Knot DNS is a high-performance authoritative DNS server implementation.

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update knot' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : knot
Product : Fedora 20
Version : 1.6.3
Release : 1.fc20
URL : https://www.knot-dns.cz/
Summary : An authoritative DNS daemon

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved