Smart DNS: Delivering the Best Subscriber Experience

This is the second in a series of blog posts that discuss how smart DNS resolvers can enhance ongoing network transformation efforts such as the transition to 5G, better integration of Wi-Fi, and new network designs that optimize the edge to improve the subscriber experience, service delivery, an...

Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver

Microsoft is aware of a vulnerability involving DNS cache poisoning caused by IP fragmentation that affects Windows DNS Resolver. An attacker who successfully exploited this vulnerability could spoof the DNS packet which can be cached by the DNS Forwarder or the DNS Resolver. For more information...

Updated firefox and nss packages fix security vulnerabilities

When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel...

glibc security, bug fix, and enhancement update

2.28-127.0.1 - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make IOfunlockfile match funlockfile and...

Moderate: Red Hat Security Advisory: bind security, bug fix, and enhancement update

An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

ASB-A-161362564

In sendvc of ressend.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Dynamic Data Resolver - Version 1.0.1 beta

By Holger Unterbrink. Cisco Talos is releasing a new beta version of Dynamic Data Resolver DDR today. This release comes with a new architecture for samples using multi-threading. The process and thread tracing has been completely reimplemented. We also fixed a few bugs and memory leaks. Another...

CVE-2020-15157

In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...

CVE-2020-15157

In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...

Moderate: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

unbound: amplification of an incoming query into a large number of queries directed to a target

A network amplification vulnerability was found in Unbound, in the way it processes delegation messages from one authoritative zone to another. This flaw allows an attacker to cause a denial of service or be part of an attack against another DNS server when Unbound is deployed as a recursive...

Important: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 7 : unbound (RHSA-2020:4181)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4181 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: amplification of an...

Information Disclosure

GNOME NetworkManager is vulnerable to information disclosure. A flaw in DNS resolver can result in Private DNS queries leaked to local network's DNS servers, while on VPN...

Fedora 31 : knot-resolver (2020-52e28feab6)

update to upstream version 5.1.3 ---- - update to new upstream version ---- - fixes CVE-2020-12667 ---- new upstream release https://www.knot-resolver.cz/2020-04-29-knot-resolver-5.1.0.html ---- - bugfix for 5.0.0 release ---- - see https://knot-resolver.readthedocs.io/en/stable/upgrading .html -...

Fedora: Security Advisory for knot-resolver (FEDORA-2020-52e28feab6)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 31 Update: knot-resolver-5.1.3-1.fc31

The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is...

EulerOS Virtualization for ARM 64 3.0.2.0 : unbound (EulerOS-SA-2020-1971)

According to the versions of the unbound package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in unbound in versions prior to 1.10.1. An infinite loop can be created when malformed DNS answers ar...

GHSA-XF64-2F9P-6PQQ Information Exposure in type-graphql

Versions of type-graphql prior to 0.17.6 are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request. Recommendation Upgrade to version 0.17.6 or later...

Information Exposure in type-graphql

Versions of type-graphql prior to 0.17.6 are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request. Recommendation Upgrade to version 0.17.6 or later...