Fedora 26 : knot-resolver (2017-45ebf1e164)

high Nessus Plugin ID 101621

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

new upstream release - security fix

+ security: Knot Resolver 1.2.0 and higher could return AD flag for insecure answer if the daemon received answer with invalid RRSIG several times in a row.

+ fix: layer/iterate: some improvements in cname chain unrolling

+ fix: layer/validate: fix duplicate records in AUTHORITY section in case

+ fix: of WC expansion proof

+ fix: lua: do *not* truncate cache size to unsigned

+ fix: forwarding mode: correctly forward +cd flag

+ fix: fix a potential memory leak

+ fix: don't treat answers that contain DS non-existance proof as insecure

+ fix: don't store NSEC3 and their signatures in the cache

+ fix: layer/iterate: when processing delegations, check if qname is at or below new authority

+ enhancement: modules/policy: allow QTRACE policy to be chained with other policies

+ enhancement: hints.add_hosts(path): a new property

+ enhancement: module: document the API and simplify the code

+ enhancement: policy.MIRROR: support IPv6 link-local addresses

+ enhancement: policy.FORWARD: support IPv6 link-local addresses

+ enhancement: add net.outgoing_{v4,v6} to allow specifying address to use for connections

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected knot-resolver package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2017-45ebf1e164

Plugin Details

Severity: High

ID: 101621

File Name: fedora_2017-45ebf1e164.nasl

Version: 3.4

Type: local

Agent: unix

Published: 7/17/2017

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:knot-resolver, cpe:/o:fedoraproject:fedora:26

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 4/1/2017

Vulnerability Publication Date: 4/1/2017

Reference Information