First published: Thu Jul 13 2023(Updated: )
It was discovered that Knot Resolver did not correctly handle certain client options. A remote attacker could send requests to malicous domains and cause a denial of service.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/knot-resolver | <5.5.1-5ubuntu0.22.10.1 | 5.5.1-5ubuntu0.22.10.1 |
=22.10 | ||
All of | ||
ubuntu/knot-resolver | <5.4.4-1ubuntu0.1~esm1 | 5.4.4-1ubuntu0.1~esm1 |
=22.04 | ||
All of | ||
ubuntu/knot-resolver | <3.2.1-3ubuntu2.1 | 3.2.1-3ubuntu2.1 |
=20.04 | ||
All of | ||
ubuntu/knot-resolver | <2.1.1-1ubuntu0.1~esm2 | 2.1.1-1ubuntu0.1~esm2 |
=18.04 | ||
All of | ||
ubuntu/libkres6 | <2.1.1-1ubuntu0.1~esm2 | 2.1.1-1ubuntu0.1~esm2 |
=18.04 | ||
All of | ||
ubuntu/libkres-dev | <2.1.1-1ubuntu0.1~esm2 | 2.1.1-1ubuntu0.1~esm2 |
=18.04 | ||
All of | ||
ubuntu/knot-resolver | <1.0.0~beta3-1ubuntu0.1~esm1 | 1.0.0~beta3-1ubuntu0.1~esm1 |
=16.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this security advisory is USN-6225-1.
The severity of the vulnerability mentioned in this security advisory is not specified.
The affected software is Knot Resolver.
This vulnerability allows a remote attacker to send requests to malicious domains and cause a denial of service.
To fix this vulnerability, you should update Knot Resolver to version 5.5.1-5ubuntu0.22.10.1 (for Ubuntu 22.10), 5.4.4-1ubuntu0.1~esm1 (for Ubuntu 22.04), 3.2.1-3ubuntu2.1 (for Ubuntu 20.04), 2.1.1-1ubuntu0.1~esm2 (for Ubuntu 18.04), or 1.0.0~beta3-1ubuntu0.1~esm1 (for Ubuntu 16.04).