Debian Security Advisory
DSA-3910-1 knot -- security update
- Date Reported:
- 14 Jul 2017
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 865678.
In Mitre's CVE dictionary: CVE-2017-11104.
- More information:
Clément Berthaux from Synaktiv discovered a signature forgery vulnerability in knot, an authoritative-only DNS server. This vulnerability allows an attacker to bypass TSIG authentication by sending crafted DNS packets to a server.
For the oldstable distribution (jessie), this problem has been fixed in version 1.6.0-1+deb8u1.
For the stable distribution (stretch), this problem has been fixed in version 2.4.0-3+deb9u1.
For the testing (buster) and unstable (sid), this problem will be fixed in a later update.
We recommend that you upgrade your knot packages.