2009年3月23日

[installer 1868] BIND 9.4.3-P2, 9.5.1-P2, 9.6.1b1

BIND 9.4.3-P2, 9.5.1-P2, 9.6.1b1 出ています。

セキュリティホール修正版です。
https://www.isc.org/node/437
参照のこと。

☆ BIND 9.4.3-P2
http://www.isc.org/products/BIND/

ftp://ftp.isc.org/isc/bind/9.4.3-P2/bind-9.4.3-P2.tar.gz

--- 9.4.3-P2 released ---

2579. [bug] DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]


☆ BIND 9.5.1-P2
http://www.isc.org/products/BIND/
ftp://ftp.isc.org/isc/bind/9.5.1-P2/bind-9.5.1-P2.tar.gz

--- 9.5.1-P2 released ---

2579. [bug] DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]


☆ BIND 9.6.1b1
http://www.isc.org/products/BIND/
ftp://ftp.isc.org/isc/bind/9.6.1b1/bind-9.6.1b1.tar.gz

--- 9.6.1b1 released ---

2577. [doc] Clarified some statistics counters. [RT #19454]

2576. [bug] NSEC record were not being correctly signed when
a zone transitions from insecure to secure.
Handle such incorrectly signed zones. [RT #19114]

2574. [doc] Document nsupdate -g and -o. [RT #19351]

2573. [bug] Replacing a non-CNAME record with a CNAME record in a
single transaction in a signed zone failed. [RT #19397]

2568. [bug] Report when the write to indicate a otherwise
successful start fails. [RT #19360]

2567. [bug] dst__privstruct_writefile() could miss write errors.
write_public_key() could miss write errors.
dnssec-dsfromkey could miss write errors.
[RT #19360]

2564. [bug] Only take EDNS fallback steps when processing timeouts.
[RT #19405]

2563. [bug] Dig could leak a socket causing it to wait forever
to exit. [RT #19359]

2561. [doc] Add isc-config.sh(1) man page. [RT #16378]

2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]

2559. [bug] dnssec-dsfromkey could compute bad DS records when
reading from a K* files. [RT #19357]

2557. [cleanup] PCI compliance:
* new libisc log module file
* isc_dir_chroot() now also changes the working
directory to "/".
* additional INSISTs
* additional logging when files can't be removed.

2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
error checks in the correct order resulting in the
wrong error code sometimes being returned. [RT #19249]

2554. [bug] Validation of uppercase queries from NSEC3 zones could
fail. [RT #19297]

2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]

2552. [bug] zero-no-soa-ttl-cache was not being honoured.
[RT #19340]

2551. [bug] Potential Reference leak on return. [RT #19341]

2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
[RT #19343]

2549. [port] linux: define NR_OPEN if not currently defined.
[RT #19344]

2548. [bug] Install iterated_hash.h. [RT #19335]

2547. [bug] openssl_link.c:mem_realloc() could reference an
out-of-range area of the source buffer. New public
function isc_mem_reallocate() was introduced to address
this bug. [RT #19313]

2545. [doc] ARM: Legal hostname checking (check-names) is
for SRV RDATA too. [RT #19304]

2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]

2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]

2542. [doc] Update the description of dig +adflag. [RT #19290]

2541. [bug] Conditionally update dispatch manager statistics.
[RT #19247]

2539. [security] Update the interaction between recursion, allow-query,
allow-query-cache and allow-recursion. [RT #19198]

2538. [bug] cache/ADB memory could grow over max-cache-size,
especially with threads and smaller max-cache-size
values. [RT #19240]

2537. [experimental] Added more statistics counters including those on socket
I/O events and query RTT histograms. [RT #18802]

2536. [cleanup] Silence some warnings when -Werror=format-security is
specified. [RT #19083]

2535. [bug] dig +showsearh and +trace interacted badly. [RT #19091]

2532. [bug] dig: check the question section of the response to
see if it matches the asked question. [RT #18495]

2531. [bug] Change #2207 was incomplete. [RT #19098]

2530. [bug] named failed to reject insecure to secure transitions
via UPDATE. [RT #19101]

2529. [cleanup] Upgrade libtool to silence complaints from recent
version of autoconf. [RT #18657]

2528. [cleanup] Silence spurious configure warning about
--datarootdir [RT #19096]

2527. [bug] named could reuse cache on reload with
enabling/disabling validation. [RT #19119]

2525. [experimental] New logging category "query-errors" to provide detailed
internal information about query failures, especially
about server failures. [RT #19027]

2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]

2523. [bug] Random type rdata freed by dns_nsec_typepresent().
[RT #19112]

2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().

2521. [bug] Improve epoll cross compilation support. [RT #19047]

2519. [bug] dig/host with -4 or -6 didn't work if more than two
nameserver addresses of the excluded address family
preceded in resolv.conf. [RT #19081]

2517. [bug] dig +trace with -4 or -6 failed when it chose a
nameserver address of the excluded address.
[RT #18843]

2516. [bug] glue sort for responses was performed even when not
needed. [RT #19039]

2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
a nameserver of the excluded address family.
[RT #18848]

2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
[RT #18885]

2506. [port] solaris: Check at configure time if
hack_shutup_pthreadonceinit is needed. [RT #19037]

2505. [port] Treat amd64 similarly to x86_64 when determining
atomic operation support. [RT #19031]

2503. [port] linux: improve compatibility with Linux Standard
Base. [RT #18793]

2502. [cleanup] isc_radix: Improve compliance with coding style,
document function in <isc/radix.h>. [RT #18534]

----
こがよういちろう


投稿者 xml-rpc : 2009年3月23日 16:52
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/83562
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。