DNS Proxy Release Updates
DNS Proxy (3.01)
What has been fixed?
Resolved issue installing DNS Proxy on Hyper-V.
Addressed a denial-of-service vulnerability in SSH and SSL/TLS servers supporting DHE key exchange. The vulnerability allowed remote attackers to trigger expensive server-side calculations with minimal client resources. The fix disables DHE key exchange in favor of ECDHE or RSA alternatives to prevent D(HE)ater attacks.
Replaced weak cryptographic hash function with stronger alternatives to address sensitive data exposure vulnerabilities (CWE-328).
What has been improved?
Security Hardening Improvements:
Upgraded FreeBSD packages with known vulnerabilities.
OS upgraded to FreeBSD 14.3.
Updated list of ciphers based on recommendations in https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html#ciphersuites
Disabled deprecated TLS protocols v1.0 and v1.1 in Apache.
Disabled TRACE method to avoid HTTP TRACE XSS attacks.
Strengthened input validation and sanitization for system command execution functions throughout the application to prevent potential command injection vulnerabilities. Enhanced security controls ensure that all user-supplied input is properly validated and escaped before being used in system commands, protecting against code injection attacks.
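A configuration audit for three of the Apache hardening items above (TLS 1.0/1.1 disabled, TRACE disabled, DHE key exchange removed), given as an added example that is not part of the release notes or the product's code. The sample configurations are constructed, and the cipher check covers only explicitly named suites, not OpenSSL aliases such as HIGH.

```python
import re

# Constructed sample configurations (not taken from DNS Proxy itself).
WEAK = """\
SSLProtocol all -SSLv3
SSLCipherSuite DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
"""
HARDENED = """\
# constructed example
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
TraceEnable off
"""
LEGACY = {"tlsv1", "tlsv1.1"}
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}

def directives(conf):
    """Map lower-cased directive name -> last value seen, skipping comments."""
    out = {}
    for line in conf.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            out[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return out

def legacy_protocols(value):
    """Legacy TLS versions left enabled by an SSLProtocol value.
    Bare names are treated as additive, which can only over-report."""
    enabled = set()
    for tok in value.lower().split():
        names = ALL if tok.lstrip("+-") == "all" else {tok.lstrip("+-")}
        enabled = enabled - names if tok.startswith("-") else enabled | names
    return enabled & LEGACY

def audit(conf):
    """Return a list of findings; an empty list means all three checks pass."""
    d, findings = directives(conf), []
    # Apache's default SSLProtocol is "all -SSLv3", so a missing directive is checked as that.
    legacy = legacy_protocols(d.get("sslprotocol", "all -SSLv3"))
    if legacy:
        findings.append("legacy protocols enabled: " + ", ".join(sorted(legacy)))
    # Flag explicitly listed finite-field DHE suites; ECDHE-* names do not match.
    dhe = [c for c in d.get("sslciphersuite", "").split(":")
           if re.match(r"\+?(DHE|EDH)-", c.strip())]
    if dhe:
        findings.append("DHE suites enabled: " + ", ".join(dhe))
    # TraceEnable defaults to "on" when the directive is absent.
    if d.get("traceenable", "on").lower() != "off":
        findings.append("TRACE method enabled")
    return findings
```

Calling `audit()` on the text of a deployed configuration returns one finding per setting that has drifted from the hardened state, which makes it usable as a post-upgrade regression check.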