954555 – <net-dns/knot-resolver-{5.7.5, 6.0.12}: DoS, rare crashes. confirmed on 6.X only

Bug 954555 - <net-dns/knot-resolver-{5.7.5, 6.0.12}: DoS, rare crashes. confirmed on 6.X only

Summary: <net-dns/knot-resolver-{5.7.5, 6.0.12}: DoS, rare crashes. confirmed on 6.X only

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://gitlab.nic.cz/knot/knot-resol...
Whiteboard:	B3 [stable?]
Keywords:	PullRequest

Depends on:
Blocks:

Reported:	2025-04-26 02:05 UTC by Nicolas PARLANT
Modified:	2025-04-26 02:14 UTC (History)
CC List:	2 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/41728
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Nicolas PARLANT 2025-04-26 02:05:42 UTC

DoS, rare crashes with lines below:
  [system] requirement "h && h->end > h->begin" failed in queue_pop_impl
  [system] requirement "val == task" failed in session2_tasklist_del

Fix in 6.0.12 : https://gitlab.nic.cz/knot/knot-resolver/-/commit/e46e0e8bb5826e9e9fdb37680b67b7bf0a232026

DoS unconfirmed on 5.X, but fix in 5.7.5: https://gitlab.nic.cz/knot/knot-resolver/-/commit/4dd200e6c0fd3b21341d1b07135243281631d0b7)

Comment 1 Sam James archtester

2025-04-26 02:12:35 UTC

For security bugs, the title shows the first fixed version in-tree.

Comment 2 Larry the Git Cow gentoo-dev

2025-04-26 02:14:22 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0678c49c2be4ed6c4a44dddba80ee17cd51f2d04

commit 0678c49c2be4ed6c4a44dddba80ee17cd51f2d04
Author:     Nicolas PARLANT <nicolas.parlant@parhuet.fr>
AuthorDate: 2025-04-24 12:05:19 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-04-26 02:12:45 +0000

    net-dns/knot-resolver: add 6.0.12
    
    security/bugfixes release
    
    minor changes from 6.0.11 :
    * update description for an optfeature
    * drop python3_10
    
    Bug: https://bugs.gentoo.org/954555
    Signed-off-by: Nicolas PARLANT <nicolas.parlant@parhuet.fr>
    Part-of: https://github.com/gentoo/gentoo/pull/41728
    Signed-off-by: Sam James <sam@gentoo.org>

 net-dns/knot-resolver/Manifest                    |   2 +
 net-dns/knot-resolver/knot-resolver-6.0.12.ebuild | 182 ++++++++++++++++++++++
 2 files changed, 184 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e29d2e126181a13aff7cf9cde81db43c6f87477

commit 9e29d2e126181a13aff7cf9cde81db43c6f87477
Author:     Nicolas PARLANT <nicolas.parlant@parhuet.fr>
AuthorDate: 2025-04-24 12:05:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-04-26 02:12:45 +0000

    net-dns/knot-resolver: add 5.7.5
    
    security/bugfixes release
    
    add optfeatures
    add initd for kres-cache-gc
    
    Bug: https://bugs.gentoo.org/954555
    Signed-off-by: Nicolas PARLANT <nicolas.parlant@parhuet.fr>
    Part-of: https://github.com/gentoo/gentoo/pull/41728
    Signed-off-by: Sam James <sam@gentoo.org>

 net-dns/knot-resolver/Manifest                   |  2 +
 net-dns/knot-resolver/knot-resolver-5.7.5.ebuild | 98 ++++++++++++++++++++++++
 2 files changed, 100 insertions(+)