[ubuntu/focal-updates] knot-resolver 3.2.1-3ubuntu2.2 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Wed Oct 2 00:58:16 UTC 2024


knot-resolver (3.2.1-3ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: improper input validation when handling DNSSEC validation
    - debian/patches/CVE-2019-10190.patch: send EDNS with SERVFAILs when
      handling DNSSEC validation failures in lib/layer/iterate.c,
      lib/resolve.*, modules/cookies/cookiemonster.c, modules/hints/hints.c.
    - CVE-2019-10190
  * SECURITY UPDATE: poison cache via unsigned negative answer
    - debian/patches/CVE-2019-10191.patch: Don't stash a packet with a
      mismatching QNAME+QTYPE in daemon/lua/kres-gen.lua, daemon/worker.c,
      lib/cache/api.c, lib/cache/impl.h, lib/layer.h, lib/layer/iterate.c,
      lib/resolve.c, lib/rplan.h.
    - CVE-2019-10191
  * SECURITY UPDATE: denial of service via high CPU utilisation when
    processing some DNS packets
    - debian/patches/CVE-2019-19331_1_of_3.patch: improve performance when
      handling large RRsets in daemon/lua/kres-gen.*, lib/cache/api.c,
      lib/dnssec.c, lib/layer/iterate.c, lib/resolve.c, lib/utils.*.
    - debian/patches/CVE-2019-19331_2_of_3.patch: reduce CNAME chain length 
      limit in daemon/lua/kres-gen.lua, lib/layer/iterate.c, lib/rplan.h.
    - debian/patches/CVE-2019-19331_3_of_3.patch: ENOMEM -> abort() in 
      lib/utils.c.
    - CVE-2019-19331
  * SECURITY UPDATE: traffic amplification via a crafted DNS answer from an 
    attacker-controlled server
    - debian/patches/CVE-2020-12667_1_of_2.patch: limit number of failed NS 
      name resolution attempts for each request in daemon/lua/kres-gen.lua, 
      lib/defines.h, lib/resolve.*.
    - debian/patches/CVE-2020-12667_2_of_2.patch: limit number of consecutive
      failures and kill whole request if limit is exceeded in 
      daemon/lua/kres-gen.lua, lib/defines.h, lib/layer/iterate.c, 
      lib/resolve.*.
    - CVE-2020-12667

Date: 2024-09-30 04:20:12.280374+00:00
Changed-By: Evan Caville <evan.caville at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/knot-resolver/3.2.1-3ubuntu2.2