Headline
Ubuntu Security Notice USN-7047-1
Ubuntu Security Notice 7047-1 - Vladimír Čunát discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to bypass certain validations. Vladimír Čunát discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to downgrade DNSSEC-secure domains to a DNSSEC-insecure state, resulting in a domain hijacking attack.
==========================================================================Ubuntu Security Notice USN-7047-1October 01, 2024knot-resolver vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in knot-resolver.Software Description:- knot-resolver: caching, DNSSEC-validating DNS resolverDetails:Vladimír Čunát discovered that Knot Resolver incorrectly handled inputduring DNSSEC validation. A remote attacker could possibly use this issueto bypass certain validations. (CVE-2019-10190)Vladimír Čunát discovered that Knot Resolver incorrectly handled inputduring DNSSEC validation. A remote attacker could possibly use this issueto downgrade DNSSEC-secure domains to a DNSSEC-insecure state, resultingin a domain hijacking attack. (CVE-2019-10191)Vladimír Čunát discovered that Knot Resolver incorrectly handled certainDNS replies with many resource records. An attacker could possibly usethis issue to consume system resources, resulting in a denial of service.(CVE-2019-19331)Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that KnotResolver incorrectly handled certain queries. A remote attacker coulduse this issue to perform an amplification attack directed at a target.(CVE-2020-12667)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS knot-resolver 3.2.1-3ubuntu2.2In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-7047-1 CVE-2019-10190, CVE-2019-10191, CVE-2019-19331, CVE-2020-12667Package Information: https://launchpad.net/ubuntu/+source/knot-resolver/3.2.1-3ubuntu2.2