FEDORA-EPEL-2018-24ac4ff7df

security update in Fedora EPEL 7 for knot-resolver

Status: obsolete

Knot Resolver 1.5.3 (2018-01-23)

Bugfixes

  • fix the hints module on some systems, e.g. Fedora. Symptom: undefined symbol: engine_hint_root_file

Knot Resolver 1.5.2 (2018-01-22)

Security

  • fix CVE-2018-1000002: insufficient DNSSEC validation, allowing attackers to deny existence of some data by forging packets. Some combinations pointed out in RFC 6840 sections 4.1 and 4.3 were not taken into account.

Bugfixes

  • memcached: fix fallout from module rename in 1.5.1

Knot Resolver 1.5.1 (2017-12-12)

Incompatible changes

  • script supervisor.py was removed, please migrate to a real process manager
  • module ketcd was renamed to etcd for consistency
  • module kmemcached was renamed to memcached for consistency

Bugfixes

  • fix SIGPIPE crashes (#271)
  • tests: work around out-of-space for platforms with larger memory pages
  • lua: fix mistakes in bindings affecting 1.4.0 and 1.5.0 (and 1.99.1-alpha), potentially causing problems in dns64 and workarounds modules
  • predict module: various fixes (!399)

Improvements

  • add priming module to implement RFC 8109, enabled by default (#220)
  • add modules helping with system time problems, enabled by default; for details see documentation of detect_time_skew and detect_time_jump

Comments 5

This update has been submitted for testing by tkrizek.

This update has been pushed to testing.

tkrizek edited this update.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

This update has been obsoleted by knot-resolver-2.1.0-1.el7.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
obsolete
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Disabled
Autopush (time)
Disabled
Dates
submitted 2 years ago
in testing 2 years ago
modified 2 years ago

Related Bugs 3

00 #1530661 knot-resolver fails systemd socket activation on CentOS 7
00 #1537462 CVE-2018-1000002 knot-resolver: Insufficient DNSSEC validation
00 #1537465 CVE-2018-1000002 knot-resolver: Insufficient DNSSEC validation [epel-all]

Automated Test Results