Category Archives: Fedora

Fedora – Security Updates

knot-2.4.1-1.fc25 knot-resolver-1.2.3-1.fc25

Knot Resolver 1.2.3 (2017-02-23)
================================

Bugfixes
——–
– Disable storing GLUE records into the cache even in the
(non-default) QUERY_PERMISSIVE mode
– iterate: skip answer RRs that don’t match the query
– layer/iterate: some additional processing for referrals
– lib/resolve: zonecut fetching error was fixed

Knot Resolver 1.2.2 (2017-02-10)
================================

Bugfixes:
———
– Fix -k argument processing to avoid out-of-bounds memory accesses
– lib/resolve: fix zonecut fetching for explicit DS queries
– hints: more NULL checks
– Fix TA bootstrapping for multiple TAs in the IANA XML file

Testing:
——–
– Update tests to run tests with and without QNAME minimization

Knot Resolver 1.2.1 (2017-02-01)
====================================

Security:
———
– Under certain conditions, a cached negative answer from a CD query
would be reused to construct response for non-CD queries, resulting
in Insecure status instead of Bogus. Only 1.2.0 release was affected.

Documentation
————-
– Update the typo in the documentation: The query trace policy is
named policy.QTRACE (and not policy.TRACE)

Bugfixes:
———
– lua: make the map command check its arguments

Knot DNS 2.4.1 (2017-02-10)
===========================

Bugfixes:
——–
– Transfer of a huge rrset goes into an infinite loop
– Huge response over TCP contains useless TC bit instead of SERVFAIL
– Failed to build utilities with disabled daemon
– Memory leaks during keys removal
– Rough TSIG packet reservation causes early truncation
– Minor out-of-bounds string termination write in rrset dump
– Server crash during stop if failed to open timers DB
– Poor minimum UDP-max-size configuration check
– Failed to receive one-record-per-message IXFR-style AXFR
– Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message

Improvements:
————-
– Speed-up of rdata addition into a huge rrset
– Introduce check of minumum timeout for next refresh
– Dnsproxy module can forward all queries without local resolving

—-

Latest upstream release. Includes bugfixes for DNSSEC key management.

—-

Latest upstream versions with bunch of impotant bugfixes.