25 Led
2018
25 Led
'18
21:36
On Mon 2018-01-22 12:42:47 +0100, Vladimír Čunát wrote:
Knot Resolver 1.5.2 is a security release!
Security
--------
- fix CVE-2018-1000002: insufficient DNSSEC validation, allowing
attackers to deny existence of some data by forging packets.
Some combinations pointed out in RFC 6840 sections 4.1 and 4.3
were not taken into account.
Thanks for this report, Vladimír!
Out of curiosity, are there any test suites available that exercise this
particular attack? I'm trying to sort out a backported fix for the
version of knot-resolver in debian stable (1.2.0) and enough of the
codebase has changed that it's not as simple as just cherry-picking
patches f90d27de49c9d3be0424d5d5457fb18df7d5c3f3 and
d296e36eb554148f3d6f1f86e8f86ddec81de962, so i want to be sure that any
attempted change actually fixes the problem.
--dkg
25 Led
25 Led
21:58
New subject: [knot-dns-users] Knot Resolver 1.5.2 security release
On 01/25/2018 09:36 PM, Daniel Kahn Gillmor wrote:
I'm trying to sort out a backported fix for the
version of knot-resolver in debian stable (1.2.0)
I will have a look at the backport, as I still have the code relatively
fresh in mind.
--Vladimir
22:06
New subject: [knot-dns-users] Knot Resolver 1.5.2 security release
On Thu 2018-01-25 21:58:03 +0100, Vladimír Čunát wrote:
On 01/25/2018 09:36 PM, Daniel Kahn Gillmor wrote:
Great, thanks. If you want to point me to a branch, or to have some
other discussion about it, i'd be happy to take this to whatever other
forum makes sense for you.
Regards,
--dkg
I'm trying to sort out a backported fix for
the
version of knot-resolver in debian stable (1.2.0)
I will have a look at the backport, as I still have the code relatively
fresh in mind.
2523
days inactive
2523
days old
knot-resolver-users@lists.nic.cz
2 comments
2 participants
participants (2)
-
Daniel Kahn Gillmor -
Vladimír Čunát