July 9, 2008

[installer 1605] BIND 9.3.5-P1, 9.4.2-P1, 9.4.3b2, 9.5.0-P1, 9.5.1b1

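BIND 9.3.5-P1, 9.4.2-P1, 9.4.3b2, 9.5.0-P1, and 9.5.1b1 are out.

A problem that allows cache poisoning attacks has been found in the
DNS protocol, and I hear that the only complete solution is DNSSEC.
The new versions of BIND are said to randomize the UDP source port of
DNS queries to strengthen resistance to the attack.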

For details, see:

http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://www.kb.cert.org/vuls/id/800113
http://www.us-cert.gov/cas/techalerts/TA08-190B.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447
http://securitytracker.com/alerts/2008/Jul/1020438.html

☆ BIND 9.3.5-P1
http://www.isc.org/products/BIND/
ftp://ftp.isc.org/isc/bind9/9.3.5-P1/bind-9.3.5-P1.tar.gz

--- 9.3.5-P1 released ---

2375. [security] Fully randomize UDP query ports to improve
forgery resilience. [RT #17949]


☆ BIND 9.4.2-P1
http://www.isc.org/products/BIND/
ftp://ftp.isc.org/isc/bind9/9.4.2-P1/bind-9.4.2-P1.tar.gz

--- 9.4.2-P1 released ---

2375. [security] Fully randomize UDP query ports to improve
forgery resilience. [RT #17949]


☆ BIND 9.4.3b2
http://www.isc.org/products/BIND/
ftp://ftp.isc.org/isc/bind9/9.4.3b2/bind-9.4.3b2.tar.gz

--- 9.4.3b2 released ---

2385. [bug] A condition variable in socket.c could leak in
rare error handling [RT #17968].

2384. [security] Additional support for query port randomization (change
#2375) including performance improvement and port range
specification. [RT #17949, #18098]

2383. [bug] named could double queries when they resulted in
SERVFAIL due to overkilling EDNS0 failure detection.
[RT #18182]

2382. [doc] Add descriptions of IPSECKEY, SPF and SSHFP to ARM.

2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
<prefix>/lib/{,mysql/}. [RT #18152]

2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
proofs which, in turn, caused validation failures
for insecure zones immediately below a secure zone
the server was authoritative for. [RT #18112]

2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
TLDs and supported RRs with TTLs [RT #17972]

2377. [bug] Address race condition in dnssec-signzone. [RT #18142]

2376. [bug] Change #2144 was not complete.

2375. [security] Fully randomize UDP query ports to improve
forgery resilience. [RT #17949]

2372. [bug] fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]

2369. [bug] libbind: Array bounds overrun on read in bitncmp().
[RT #18054]

2364. [bug] named could trigger a assertion when serving a
malformed signed zone. [RT #17828]

2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
[RT #17513]

2361. [bug] "recursion" statistics counter could be counted
multiple times for a single query. [RT #17990]


☆ BIND 9.5.0-P1
http://www.isc.org/products/BIND/
ftp://ftp.isc.org/isc/bind9/9.5.0-P1/bind-9.5.0-P1.tar.gz

--- 9.5.0-P1 released ---

2375. [security] Fully randomize UDP query ports to improve
forgery resilience. [RT #17949]


☆ BIND 9.5.1b1
http://www.isc.org/products/BIND/
ftp://ftp.isc.org/isc/bind9/9.5.1b1/bind-9.5.1b1.tar.gz

--- 9.5.1b1 released ---

2385. [bug] A condition variable in socket.c could leak in
rare error handling [RT #17968].

2384. [security] Additional support for query port randomization (change
#2375) including performance improvement and port range
specification. [RT #17949, #18098]

2383. [bug] named could double queries when they resulted in
SERVFAIL due to overkilling EDNS0 failure detection.
[RT #18182]

2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
to ARM.

2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
<prefix>/lib/{,mysql/}. [RT #18152]

2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
proofs which, in turn, caused validation failures
for insecure zones immediately below a secure zone
the server was authoritative for. [RT #18112]

2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
TLDs and supported RRs with TTLs [RT #17972]

2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
[RT #18169]

2377. [bug] Address race condition in dnssec-signzone. [RT #18142]

2376. [bug] Change #2144 was not complete.

2375. [security] Fully randomize UDP query ports to improve
forgery resilience. [RT #17949]

2373. [bug] Default values of zone ACLs were re-parsed each time a
new zone was configured, causing an overconsumption
of memory. [RT #18092]

----
こがよういちろう


Posted by xml-rpc : July 9, 2008 10:17
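One way to check, after upgrading, that a resolver's outgoing queries really use randomized UDP source ports (change #2375 above) is to collect the source ports seen in a packet capture and classify them. The following is an added example, not part of the original post or of BIND; the function name, the thresholds and the sample port lists are assumptions constructed for illustration.

```python
import math

# Thresholds below are assumptions chosen for this illustration,
# not values taken from BIND or from the advisories.
MIN_SAMPLES = 10
SEQ_STEP_MAX = 16     # a "small forward step" between consecutive ports
SEQ_FRACTION = 0.8    # share of small steps that marks a counter
MIN_STDEV = 3000.0    # below this the ports sit in a narrow band


def assess_source_ports(ports):
    """Classify UDP source ports seen on one resolver's outgoing queries.

    `ports` is in capture order. Returns (verdict, stdev) with verdict
    one of 'fixed', 'sequential', 'narrow', 'randomized'.
    """
    if len(ports) < MIN_SAMPLES:
        raise ValueError("need at least %d observed queries" % MIN_SAMPLES)
    if any(not 0 < p < 65536 for p in ports):
        raise ValueError("not a UDP port number")

    mean = sum(ports) / len(ports)
    stdev = math.sqrt(sum((p - mean) ** 2 for p in ports) / len(ports))

    if len(set(ports)) == 1:
        return "fixed", stdev

    # Forward distance between consecutive ports, allowing 16-bit wrap.
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small = sum(1 for s in steps if 1 <= s <= SEQ_STEP_MAX)
    if small / len(steps) >= SEQ_FRACTION:
        return "sequential", stdev

    if stdev < MIN_STDEV:
        return "narrow", stdev
    return "randomized", stdev


# Constructed samples (not captured from a real server).
SAMPLES = {
    "single fixed port": [53] * 12,
    "incrementing allocator": list(range(32768, 32780)),
    "small port pool": [1031, 1090, 1044, 1077, 1025, 1063, 1099, 1038, 1052, 1081],
    "wide random spread": [49211, 1533, 60402, 23877, 8841, 37120,
                           55019, 12764, 30455, 64001, 4190, 41876],
}

if __name__ == "__main__":
    for label, ports in SAMPLES.items():
        verdict, stdev = assess_source_ports(ports)
        print("%-24s %-11s stdev=%.0f" % (label, verdict, stdev))
```

A "fixed", "sequential" or "narrow" verdict on an upgraded server usually points at a pinned query port in the configuration or at a NAT device rewriting ports in front of the resolver.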