kukonza zosintha ku nthambi zokhazikika za seva ya DNS , komanso nthambi yoyeserera yomwe ikutukuka pano 9.15.2. Zotulutsa zatsopanozi zimalimbana ndi chiwopsezo chamtundu (CVE-2019-6471) zomwe zitha kuchititsa kuti akane ntchito (kuthetsa kuchotsedwako pomwe chitsimikiziro chayambika) pomwe mapaketi ambiri omwe akubwera atsekeredwa.
Kuphatikiza apo, mtundu watsopano wa 9.14.4 umawonjezera thandizo la GeoIP2 API polumikiza database yamalo potengera ma adilesi a IP ochokera kukampani.
MaxMind (yothandizidwa kudzera pa build ndi "--with-geoip2"). GeoIP2 sichirikizanso ma ACL ena (monga liwiro la netiweki, bungwe, ndi ma code a dziko) omwe adathandizidwa kale ndi GeoIP API yakale, yomwe simasungidwanso ndi MaxMind. Ma metrics atsopano a dnssec-sign ndi dnssec-refresh awonjezedwanso ndi zowerengera za kuchuluka kwa siginecha za DNSSEC zopangidwa ndi kusinthidwa.
Kuphatikiza apo, zitha kuzindikirika Seva ya DNS Knot 2.8.3, yomwe idawonjezera satifiketi / fayilo yosinthira makiyi kuti TLS ifike ku kdig, kuchulukitsidwa kwazomwe zili m'malo olowera pa intaneti-KSK siginecha ndi gawo la RRL, ndikuwonjezera macheke a DNSSEC.
Kusintha kwa Knot Resolver 4.1.0 kudatulutsidwanso, komwe kudathetsa (CVE-2019-10190, CVE-2019-10191): Kutha kudumpha macheke a DNSSEC pamafunso omwe akusowa (NXDOMAIN) ndikutha kubweza domain yotetezedwa ndi DNSSEC kudera losatetezedwa la DNSSEC kudzera pa paketi spoofing.
Source: opennet.ru