BIND 9.14.4 and Knot 2.8.3 DNS server updates

Stable updates have been published for the BIND DNS server branches 9.14.4 and 9.11.9, along with the experimental branch 9.15.2, which is under development. The new releases address a race condition vulnerability (CVE-2019-6471) that can lead to a denial of service (the process terminates when an assertion is triggered) when a large number of incoming packets are blocked.

In addition, the new 9.14.4 release adds support for the GeoIP2 API for connecting IP-address-based location databases from the company MaxMind (enabled by building with the "--with-geoip2" option). GeoIP2 no longer supports some ACLs (such as network speed, organization, and country code) that were previously supported in the old GeoIP API, which is no longer maintained by MaxMind. New dnssec-sign and dnssec-refresh metrics have also been added, with counters for the number of DNSSEC signatures generated and refreshed.

Also worth noting is the release of the Knot DNS server 2.8.3, which adds TLS certificate/key file configuration to kdig, extended context information in log entries for offline KSK and the RRL module, and extended DNSSEC configuration checks.

An update to Knot Resolver, 4.1.0, was also released, fixing two vulnerabilities (CVE-2019-10190, CVE-2019-10191): the ability to bypass DNSSEC checks for queries for a nonexistent name (NXDOMAIN), and the ability to roll back a DNSSEC-protected domain to a DNSSEC-insecure state through packet spoofing.

Source: opennet.ru
