July 8, 2011

[installer 2871] BIND 9.4-ESV-R5rc1, 9.6-ESV-R5rc1, 9.7.4rc1, 9.8.1b2

BIND 9.4-ESV-R5rc1, 9.6-ESV-R5rc1, 9.7.4rc1, and 9.8.1b2 have been released.

They include fixes for several security holes that have been publicly disclosed so far.

☆ BIND 9.4-ESV-R5rc1
https://www.isc.org/software/bind
ftp://ftp.isc.org/isc/bind/9.4-ESV-R5rc1/bind-9.4-ESV-R5rc1.tar.gz

--- 9.4-ESV-R5rc1 released ---

3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]

3121. [security] An authoritative name server sending a negative
response containing a very large RRset could
trigger an off-by-one error in the ncache code
and crash named. [RT #24650]

3120. [bug] Named could fail to validate zones list in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]

3113. [doc] Document the relationship between serial-query-rate
and NOTIFY messages.


☆ BIND 9.6-ESV-R5rc1
https://www.isc.org/software/bind
ftp://ftp.isc.org/isc/bind/9.6-ESV-R5rc1/bind-9.6-ESV-R5rc1.tar.gz

--- 9.6-ESV-R5rc1 released ---

3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]

3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]

3121. [security] An authoritative name server sending a negative
response containing a very large RRset could
trigger an off-by-one error in the ncache code
and crash named. [RT #24650]

3120. [bug] Named could fail to validate zones list in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]

3118. [bug] nsupdate could dump core on shutdown when using
SIG(0) keys. [RT #24604]

3113. [doc] Document the relationship between serial-query-rate
and NOTIFY messages.

3112. [doc] Add missing descriptions of the update policy name
types "ms-self", "ms-subdomain", "krb5-self" and
"krb5-subdomain", which allow machines to update
their own records, to the BIND 9 ARM.

3110. [bug] dnssec-signzone: Wrong error message could appear
when attempting to sign with no KSK. [RT #24369]

3104. [bug] Better support for cross-compiling. [RT #24367]

3099. [test] "dlz" system test now runs but gives R:SKIPPED if
not compiled with --with-dlz-filesystem. [RT #24146]

3097. [test] Add a tool to test handling of malformed packets.
[RT #24096]


☆ BIND 9.7.4rc1
https://www.isc.org/software/bind
ftp://ftp.isc.org/isc/bind/9.7.4rc1/bind-9.7.4rc1.tar.gz

--- 9.7.4rc1 released ---

3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]

3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]

3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664]

3121. [security] An authoritative name server sending a negative
response containing a very large RRset could
trigger an off-by-one error in the ncache code
and crash named. [RT #24650]

3120. [bug] Named could fail to validate zones listed in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]

3119. [bug] When rolling to a new DNSSEC key, a private-type
record could be created and never marked complete.
[RT #23253]

3118. [bug] nsupdate could dump core on shutdown when using
SIG(0) keys. [RT #24604]

3117. [cleanup] Remove doc and parser references to the
never-implemented 'auto-dnssec create' option.
[RT #24533]

3113. [doc] Document the relationship between serial-query-rate
and NOTIFY messages.

3112. [doc] Add missing descriptions of the update policy name
types "ms-self", "ms-subdomain", "krb5-self" and
"krb5-subdomain", which allow machines to update
their own records, to the BIND 9 ARM.

3111. [bug] Improved consistency checks for dnssec-enable and
dnssec-validation, added test cases to the
checkconf system test. [RT #24398]

3110. [bug] dnssec-signzone: Wrong error message could appear
when attempting to sign with no KSK. [RT #24369]

3107. [bug] dnssec-signzone: Report the correct number of ZSKs
when using -x. [RT #20852]

3104. [bug] Better support for cross-compiling. [RT #24367]

3101. [bug] Zones using automatic key maintenance could fail
to check the key repository for updates. [RT #23744]

3099. [test] "dlz" system test now runs but gives R:SKIPPED if
not compiled with --with-dlz-filesystem. [RT #24146]

3097. [test] Add a tool to test handling of malformed packets.
[RT #24096]


☆ BIND 9.8.1b2
https://www.isc.org/software/bind
ftp://ftp.isc.org/isc/bind/9.8.1b2/bind-9.8.1b2.tar.gz

--- 9.8.1b2 released ---

3126. [security] Using DNAME record to generate replacements caused
RPZ to exit with a assertion failure. [RT #23766]

3125. [security] Using wildcard CNAME records as a replacement with
RPZ caused named to exit with a assertion failure.
[RT #24715]

3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]

3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]

3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664]

3121. [security] An authoritative name server sending a negative
response containing a very large RRset could
trigger an off-by-one error in the ncache code
and crash named. [RT #24650]

3120. [bug] Named could fail to validate zones listed in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]

3119. [bug] When rolling to a new DNSSEC key, a private-type
record could be created and never marked complete.
[RT #23253]

3118. [bug] nsupdate could dump core on shutdown when using
SIG(0) keys. [RT #24604]

3117. [cleanup] Remove doc and parser references to the
never-implemented 'auto-dnssec create' option.
[RT #24533]

3115. [bug] Named could fail to return requested data when
following a CNAME that points into the same zone.
[RT #24455]

3113. [doc] Document the relationship between serial-query-rate
and NOTIFY messages.

----
こがよういちろう


Posted by xml-rpc: July 8, 2011 11:41