Fedora 25 : knot / knot-resolver (2017-038e821698)

high Nessus Plugin ID 97645

Language:

Synopsis

The remote Fedora host is missing one or more security updates.

Description

Knot Resolver 1.2.3 (2017-02-23) ================================

Bugfixes

--------

- Disable storing GLUE records into the cache even in the (non-default) QUERY_PERMISSIVE mode

- iterate: skip answer RRs that don't match the query

- layer/iterate: some additional processing for referrals

- lib/resolve: zonecut fetching error was fixed

Knot Resolver 1.2.2 (2017-02-10) ================================

Bugfixes :

---------

- Fix -k argument processing to avoid out-of-bounds memory accesses

- lib/resolve: fix zonecut fetching for explicit DS queries

- hints: more NULL checks

- Fix TA bootstrapping for multiple TAs in the IANA XML file

Testing :

--------

- Update tests to run tests with and without QNAME minimization

Knot Resolver 1.2.1 (2017-02-01) ====================================

Security :

---------

- Under certain conditions, a cached negative answer from a CD query would be reused to construct response for non-CD queries, resulting in Insecure status instead of Bogus. Only 1.2.0 release was affected.

Documentation

-------------

- Update the typo in the documentation: The query trace policy is named policy.QTRACE (and not policy.TRACE)

Bugfixes :

---------

- lua: make the map command check its arguments

Knot DNS 2.4.1 (2017-02-10) ===========================

Bugfixes :

--------

- Transfer of a huge rrset goes into an infinite loop

- Huge response over TCP contains useless TC bit instead of SERVFAIL

- Failed to build utilities with disabled daemon

- Memory leaks during keys removal

- Rough TSIG packet reservation causes early truncation

- Minor out-of-bounds string termination write in rrset dump

- Server crash during stop if failed to open timers DB

- Poor minimum UDP-max-size configuration check

- Failed to receive one-record-per-message IXFR-style AXFR

- Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message

Improvements :

-------------

- Speed-up of rdata addition into a huge rrset

- Introduce check of minumum timeout for next refresh

- Dnsproxy module can forward all queries without local resolving

----

Latest upstream release. Includes bugfixes for DNSSEC key management.

----

Latest upstream versions with bunch of impotant bugfixes.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected knot and / or knot-resolver packages.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2017-038e821698

Plugin Details

Severity: High

ID: 97645

File Name: fedora_2017-038e821698.nasl

Version: 3.4

Type: local

Agent: unix

Published: 3/10/2017

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:knot, p-cpe:/a:fedoraproject:fedora:knot-resolver, cpe:/o:fedoraproject:fedora:25

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 3/9/2017

Vulnerability Publication Date: 3/9/2017

Reference Information