December 2, 2010

[installer 2584] BIND 9.7.2-P3, 9.6.2-P3, 9.6-ESV-R3, 9.4-ESV-R4

BIND 9.7.2-P3, 9.6.2-P3, 9.6-ESV-R3, and 9.4-ESV-R4 have been released.

They include fixes for multiple security holes. See:
https://www.isc.org/software/bind/advisories/cve-2010-3613
https://www.isc.org/software/bind/advisories/cve-2010-3614
https://www.isc.org/software/bind/advisories/cve-2010-3615

☆ BIND 9.7.2-P3
https://www.isc.org/software/bind
ftp://ftp.isc.org/isc/bind9/9.7.2-P3/bind-9.7.2-P3.tar.gz

--- 9.7.2-P3 released ---

2973. [bug] bind.keys.h was being removed by the "make clean"
at the end of configure resulting in build failures
where there is a very old version of perl installed.
Move it to "make maintainer-clean". [RT #22230]

2972. [bug] win32: address windows socket errors. [RT #21906]

2971. [bug] Fixed a bug that caused journal files not to be
compacted on Windows systems as a result of
non-POSIX-compliant rename() semantics. [RT #22434]

2970. [security] Adding a NO DATA negative cache entry failed to clear
any matching RRSIG records. A subsequent lookup of
the NO DATA cache entry could trigger an INSIST when the
unexpected RRSIG was also returned with the NO DATA
cache entry.

CVE-2010-3613, VU#706148. [RT #22288]

2969. [security] Fix acl type processing so that allow-query works
in options and view statements. Also add a new
set of tests to verify proper functioning.

CVE-2010-3615, VU#510208. [RT #22418]

2968. [security] Named could fail to prove a data set was insecure
before marking it as insecure. One set of conditions
that can trigger this occurs naturally when rolling
DNSKEY algorithms.

CVE-2010-3614, VU#837744. [RT #22309]


☆ BIND 9.6.2-P3
https://www.isc.org/software/bind
ftp://ftp.isc.org/isc/bind9/9.6.2-P3/bind-9.6.2-P3.tar.gz

--- 9.6.2-P3 released ---

2972. [bug] win32: address windows socket errors. [RT #21906]

2971. [bug] Fixed a bug that caused journal files not to be
compacted on Windows systems as a result of
non-POSIX-compliant rename() semantics. [RT #22434]

2970. [security] Adding a NO DATA negative cache entry failed to clear
any matching RRSIG records. A subsequent lookup of
the NO DATA cache entry could trigger an INSIST when the
unexpected RRSIG was also returned with the NO DATA
cache entry.

CVE-2010-3613, VU#706148. [RT #22288]

2968. [security] Named could fail to prove a data set was insecure
before marking it as insecure. One set of conditions
that can trigger this occurs naturally when rolling
DNSKEY algorithms.

CVE-2010-3614, VU#837744. [RT #22309]

2937. [bug] Worked around an apparent race condition in over
memory conditions. Without this fix a DNS cache DB or
ADB could incorrectly stay in an over memory state,
effectively refusing further caching, which
subsequently made a BIND 9 caching server unworkable.
This fix prevents this problem from happening by
polling the state of the memory context, rather than
making a copy of the state, which appeared to cause
a race. This is a "workaround" in that it doesn't
solve the possible race per se, but several experiments
proved this change solves the symptom. Also, the
polling overhead hasn't been reported to be an issue.
This bug should only affect a caching server that
specifies a finite max-cache-size. It's also quite
likely that the bug happens only when enabling threads,
but it's not confirmed yet. [RT #21818]


☆ BIND 9.6-ESV-R3
https://www.isc.org/software/bind
ftp://ftp.isc.org/isc/bind9/9.6-ESV-R3/bind-9.6-ESV-R3.tar.gz

--- 9.6-ESV-R3 released ---

2972. [bug] win32: address windows socket errors. [RT #21906]

2971. [bug] Fixed a bug that caused journal files not to be
compacted on Windows systems as a result of
non-POSIX-compliant rename() semantics. [RT #22434]

2970. [security] Adding a NO DATA negative cache entry failed to clear
any matching RRSIG records. A subsequent lookup of
the NO DATA cache entry could trigger an INSIST when the
unexpected RRSIG was also returned with the NO DATA
cache entry.

CVE-2010-3613, VU#706148. [RT #22288]

2969. [security] Fix acl type processing so that allow-query works
in options and view statements. Also add a new
set of tests to verify proper functioning.

CVE-2010-3615, VU#510208. [RT #22418]

2968. [security] Named could fail to prove a data set was insecure
before marking it as insecure. One set of conditions
that can trigger this occurs naturally when rolling
DNSKEY algorithms.

CVE-2010-3614, VU#837744. [RT #22309]

2967. [bug] 'host -D' now turns on debugging messages earlier.
[RT #22361]

2966. [bug] isc_print_vsnprintf() failed to check if there was
space available in the buffer when adding a left
justified character with a non zero width,
(e.g. "%-1c"). [RT #22270]

2964. [bug] view->queryacl was being overloaded. Separate the
usage into view->queryacl, view->cacheacl and
view->queryonacl. [RT #22114]

2962. [port] win32: add more dependencies to BINDBuild.dsw.
[RT #22062]

2952. [port] win32: named-checkzone and named-checkconf failed
to initialise winsock. [RT #21932]

2951. [bug] named failed to generate a correct signed response
in an optout, delegation only zone with no secure
delegations. [RT #22007]


☆ BIND 9.4-ESV-R4
https://www.isc.org/software/bind
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R4/bind-9.4-ESV-R4.tar.gz

--- 9.4-ESV-R4 released ---

2970. [security] Adding a NO DATA negative cache entry failed to clear
any matching RRSIG records. A subsequent lookup of
the NO DATA cache entry could trigger an INSIST when the
unexpected RRSIG was also returned with the NO DATA
cache entry.

CVE-2010-3613, VU#706148. [RT #22288]

2968. [security] Named could fail to prove a data set was insecure
before marking it as insecure. One set of conditions
that can trigger this occurs naturally when rolling
DNSKEY algorithms.

CVE-2010-3614, VU#837744. [RT #22309]

2966. [bug] isc_print_vsnprintf() failed to check if there was
space available in the buffer when adding a left
justified character with a non zero width,
(e.g. "%-1c"). [RT #22270]

2962. [port] win32: add more dependencies to BINDBuild.dsw.
[RT #22062]

2786. [bug] Additional could be promoted to answer. [RT #20663]

----
こがよういちろう


Posted by xml-rpc: December 2, 2010 09:15