Update of the BIND 9.14.4 and Knot 2.8.3 DNS servers

Corrective updates have been published for the stable DNS server branches BIND 9.14.4 and 9.11.9, along with the experimental development branch 9.15.2. The new releases fix a vulnerability caused by a race condition (CVE-2019-6471) that can lead to a denial of service (the process terminates when an assertion is triggered) when a large number of incoming packets are blocked.

In addition, the new version 9.14.4 adds support for the GeoIP2 API for binding the IP-address location database from MaxMind (enabled by building with the "--with-geoip2" option). GeoIP2 does not support some ACLs (such as network speed, organization, and country code) that were previously supported with the old GeoIP API, which MaxMind no longer maintains. New dnssec-sign and dnssec-refresh metrics have also been added, with counters for the number of generated and refreshed DNSSEC signatures.

Also worth noting is the release of the Knot 2.8.3 DNS server, which adds certificate/key file configuration for TLS to kdig, expands the log information for offline-KSK signing records and the RRL module, and adds further DNSSEC configuration checks.

A Knot Resolver 4.1.0 update has been released as well, fixing two vulnerabilities (CVE-2019-10190, CVE-2019-10191): the ability to bypass DNSSEC validation for queries for a non-existent name (NXDOMAIN), and the ability to roll a DNSSEC-protected domain back to a state not protected by DNSSEC through packet spoofing.

Source: opennet.ru
