FEDORA-2018-f73abc5680

security update in Fedora 26 for knot-resolver

Status: obsolete

Knot Resolver 1.5.3 (2018-01-23)

Bugfixes

  • fix the hints module on some systems, e.g. Fedora. Symptom: undefined symbol: engine_hint_root_file

Knot Resolver 1.5.2 (2018-01-22)

Security

  • fix CVE-2018-1000002: insufficient DNSSEC validation, allowing attackers to deny existence of some data by forging packets. Some combinations pointed out in RFC 6840 sections 4.1 and 4.3 were not taken into account.

Bugfixes

  • memcached: fix fallout from module rename in 1.5.1

Knot Resolver 1.5.1 (2017-12-12)

Incompatible changes

  • script supervisor.py was removed, please migrate to a real process manager
  • module ketcd was renamed to etcd for consistency
  • module kmemcached was renamed to memcached for consistency

Bugfixes

  • fix SIGPIPE crashes (#271)
  • tests: work around out-of-space for platforms with larger memory pages
  • lua: fix mistakes in bindings affecting 1.4.0 and 1.5.0 (and 1.99.1-alpha), potentially causing problems in dns64 and workarounds modules
  • predict module: various fixes (!399)

Improvements

  • add priming module to implement RFC 8109, enabled by default (#220)
  • add modules helping with system time problems, enabled by default; for details see documentation of detect_time_skew and detect_time_jump

Comments 5

This update has been submitted for testing by tkrizek.

This update has been pushed to testing.

tkrizek edited this update.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been obsoleted by knot-resolver-2.1.0-1.fc26.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

#1537462 CVE-2018-1000002 knot-resolver: Insufficient DNSSEC validation
#1537466 CVE-2018-1000002 knot-resolver: Insufficient DNSSEC validation [fedora-all]
Content Type
RPM
Status
obsolete
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush
Disabled
Dates
submitted a year ago
in testing a year ago
modified a year ago

Related Bugs 2

00 #1537462 CVE-2018-1000002 knot-resolver: Insufficient DNSSEC validation
00 #1537466 CVE-2018-1000002 knot-resolver: Insufficient DNSSEC validation [fedora-all]

Automated Test Results