It was found that knot does not implement reasonable restrictions for zone sizes. This allows an explicitly configured primary DNS server for a zone to crash a secondary DNS server, affecting service of other zones hosted on the same secondary server. CVE request: http://seclists.org/oss-sec/2016/q3/19 Upstream bug: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541
Created knot tracking bugs for this issue: Affects: fedora-all [bug 1353574] Affects: epel-all [bug 1353575]
knot-2.3.0-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
knot-2.3.0-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
knot-2.3.0-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.