--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-038e821698
2017-03-09 08:01:59.598458
--------------------------------------------------------------------------------

Name        : knot
Product     : Fedora 25
Version     : 2.4.1
Release     : 1.fc25
URL         : https://www.knot-dns.cz/
Summary     : High-performance authoritative DNS server
Description :
Knot DNS is a high-performance authoritative DNS server implementation.

--------------------------------------------------------------------------------
Update Information:

Knot Resolver 1.2.3 (2017-02-23) ================================  Bugfixes
-------- - Disable storing GLUE records into the cache even in the   (non-
default) QUERY_PERMISSIVE mode - iterate: skip answer RRs that don't match the
query - layer/iterate: some additional processing for referrals - lib/resolve:
zonecut fetching error was fixed  Knot Resolver 1.2.2 (2017-02-10)
================================  Bugfixes: --------- - Fix -k argument
processing to avoid out-of-bounds memory accesses - lib/resolve: fix zonecut
fetching for explicit DS queries - hints: more NULL checks - Fix TA
bootstrapping for multiple TAs in the IANA XML file  Testing: -------- - Update
tests to run tests with and without QNAME minimization  Knot Resolver 1.2.1
(2017-02-01) ====================================  Security: --------- - Under
certain conditions, a cached negative answer from a CD query   would be reused
to construct response for non-CD queries, resulting   in Insecure status instead
of Bogus.  Only 1.2.0 release was affected.  Documentation ------------- -
Update the typo in the documentation: The query trace policy is   named
policy.QTRACE (and not policy.TRACE)  Bugfixes: --------- - lua: make the map
command check its arguments   Knot DNS 2.4.1 (2017-02-10)
===========================  Bugfixes: --------  - Transfer of a huge rrset goes
into an infinite loop  - Huge response over TCP contains useless TC bit instead
of SERVFAIL  - Failed to build utilities with disabled daemon  - Memory leaks
during keys removal  - Rough TSIG packet reservation causes early truncation  -
Minor out-of-bounds string termination write in rrset dump  - Server crash
during stop if failed to open timers DB  - Poor minimum UDP-max-size
configuration check  - Failed to receive one-record-per-message IXFR-style AXFR
- Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message
Improvements: -------------  - Speed-up of rdata addition into a huge rrset  -
Introduce check of minumum timeout for next refresh  - Dnsproxy module can
forward all queries without local resolving  ----  Latest upstream release.
Includes bugfixes for DNSSEC key management.  ----  Latest upstream versions
with bunch of impotant bugfixes.
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade knot' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora 25: knot Security Update 2017-038e821698

March 9, 2017
Knot Resolver 1.2.3 (2017-02-23) -------- - Disable storing GLUE records into the cache even in the (non- default) QUERY_PERMISSIVE mode - iterate: skip answer RRs that don't matc...

Summary

Knot DNS is a high-performance authoritative DNS server implementation.

Update Information:

Knot Resolver 1.2.3 (2017-02-23) ================================ Bugfixes -------- - Disable storing GLUE records into the cache even in the (non- default) QUERY_PERMISSIVE mode - iterate: skip answer RRs that don't match the query - layer/iterate: some additional processing for referrals - lib/resolve: zonecut fetching error was fixed Knot Resolver 1.2.2 (2017-02-10) ================================ Bugfixes: --------- - Fix -k argument processing to avoid out-of-bounds memory accesses - lib/resolve: fix zonecut fetching for explicit DS queries - hints: more NULL checks - Fix TA bootstrapping for multiple TAs in the IANA XML file Testing: -------- - Update tests to run tests with and without QNAME minimization Knot Resolver 1.2.1 (2017-02-01) ==================================== Security: --------- - Under certain conditions, a cached negative answer from a CD query would be reused to construct response for non-CD queries, resulting in Insecure status instead of Bogus. Only 1.2.0 release was affected. Documentation ------------- - Update the typo in the documentation: The query trace policy is named policy.QTRACE (and not policy.TRACE) Bugfixes: --------- - lua: make the map command check its arguments Knot DNS 2.4.1 (2017-02-10) =========================== Bugfixes: -------- - Transfer of a huge rrset goes into an infinite loop - Huge response over TCP contains useless TC bit instead of SERVFAIL - Failed to build utilities with disabled daemon - Memory leaks during keys removal - Rough TSIG packet reservation causes early truncation - Minor out-of-bounds string termination write in rrset dump - Server crash during stop if failed to open timers DB - Poor minimum UDP-max-size configuration check - Failed to receive one-record-per-message IXFR-style AXFR - Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message Improvements: ------------- - Speed-up of rdata addition into a huge rrset - Introduce check of minumum timeout for next refresh - Dnsproxy module can forward all queries without local resolving ---- Latest upstream release. Includes bugfixes for DNSSEC key management. ---- Latest upstream versions with bunch of impotant bugfixes.

Change Log

References

Fedora Update Notification FEDORA-2017-038e821698 2017-03-09 08:01:59.598458 Name : knot Product : Fedora 25 Version : 2.4.1 Release : 1.fc25 URL : https://www.knot-dns.cz/ Summary : High-performance authoritative DNS server Description : Knot DNS is a high-performance authoritative DNS server implementation.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade knot' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
Name : knot
Product : Fedora 25
Version : 2.4.1
Release : 1.fc25
URL : https://www.knot-dns.cz/
Summary : High-performance authoritative DNS server

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved