December 20, 2011

[installer 3052] unbound-1.4.14, 1.4.13p2

unbound-1.4.14 and 1.4.13p2 have been released.

They include a fix for DoS vulnerabilities. See:
http://www.unbound.net/downloads/CVE-2011-4528.txt
http://www.kb.cert.org/vuls/id/209659

Patches are also available.


o For 1.4.0 through 1.4.13
http://www.unbound.net/downloads/patch_CVE-2011-4528_unbound_140-1413.diff
o For 1.0.1 through 1.3.4
http://www.unbound.net/downloads/patch_CVE-2011-4528_unbound_101-134.diff

☆ unbound-1.4.14
http://unbound.net/
http://unbound.net/downloads/unbound-1.4.14.tar.gz

From http://www.unbound.net/download.html:

Unbound 1.4.14
Download: unbound-1.4.14.tar.gz
SHA1 checksum: 1435029abe63d0106213acb9f173b885183cf1d7
SHA256 checksum: c15b85145e3175f3d933837071b4ffaae8da4a394139ac0e7f3dfee11712e7d3
Date: 19 December, 2011

Features

o Makefile changed for BSD make compatibility.
o dns over ssl support as a client, ssl-upstream yes turns it on. It
performs an SSL transaction for every DNS query.
o dns over ssl support as a server, ssl-service-pem and
ssl-service-key files can be given and then TCP queries are serviced
wrapped in SSL.
o lame-ttl and lame-size options no longer exist, it is integrated
with the host info. They are ignored (with verbose warning) if
encountered to keep the config file backwards compatible.
o TCP-upstream calculates tcp-ping so server selection works if there
are alternatives.
o Unbound probes at EDNS1480 if there is an EDNS0 timeout.

Bug Fixes

o Fix for VU#209659 CVE-2011-4528: Unbound denial of service
vulnerabilities from nonstandard redirection and denial of existence
http://www.unbound.net/downloads/CVE-2011-4528.txt
o Fix for tcp-upstream and ssl-upstream for if a laptop sleeps, causes
SERVFAILs. Also fixed for UDP (but less likely).
o Fix quartile time estimate, it was too low, (thanks Jan Komissar).
o Fix double free in unbound-host, reported by Steve Grubb.
o fix -flto detection on Lion for llvm-gcc.
o [bugzilla: 416 ]
Infra cache stores information about ping and lameness per IP, zone.
o [bugzilla: 415 ]
Fix resolve of partners.extranet.microsoft.com with a fix for the
server selection for choosing out of a (particular) list of bad
choices.
o Fix make_new_space function so that the incoming query is not
overwritten if a jostled out query causes a waiting query to be
resumed that then fails and sends an error message. (Thanks to
Matthew Lee).
o fix unbound-anchor for broken strptime on OSX lion, detected in
configure.
o Detect if GOST really works, openssl1.0 on OSX fails.
o Implement ipv6%interface notation for scope_id usage.
o better documentation for inform_super (Thanks Yang Zhe).
o Fix for out-of-memory condition in libunbound (thanks Robert
Fleischman).
o Fix --enable-allsymbols, it depended on link specifics of the target
platform, or fptr_wlist assertion failures could occur. The feature
is disabled on windows.
o updated contrib/unbound_munin_ to family=auto so that it works with
munin-node-configure automatically (if installed as
/usr/local/share/munin/plugins/unbound_munin_ ).
o unbound.exe -w windows option for start and stop service.
o Fix classification of NS set in answer section, where there is a
parent-child server, and the answer has the AA flag for
dir.slb.com. Thanks to Amanda Constant from Secure64.
o [bugzilla: 408 ]
accept patch from Steve Snyder that comments out unused functions in
lookup3.c.
o fix various compiler warnings (reported by Paul Wouters).
o max sent count. EDNS1480 only for rtt < 5000. No promiscuous fetch
if sentcount > 3, stop query if sentcount > 16. Count is reset when
referral or CNAME happens. This makes unbound better at managing
large NS sets, they are explored when there is continued interest
(in the form of queries).
o remove uninit warning from cachedump code.
o Fix parse error on negative SOA RRSIGs if badly ordered in the
packet.
o fix infra cache comparison.
o Fix to constrain signer_name to be a parent of the lookupname.
o robust checks for next-closer NSEC3s.
o iana portlist updated.


☆ unbound-1.4.13p2
http://unbound.net/
http://www.unbound.net/downloads/unbound-1.4.13p2.tar.gz

(As far as I can tell from the source diff, the changes are equivalent to the patch.)

----
こがよういちろう


Posted by xml-rpc: December 20, 2011 09:07