2012年3月12日

[installer 3141] BIND 9.6-ESV-R6rc2, 9.7.5rc2, 9.8.2rc2

BIND 9.6-ESV-R6rc2, 9.7.5rc2, 9.8.2rc2 出ています。

9.9.0 にも入っていますが、

3282. [bug] Restrict the TTL of NS RRset to no more than that
of the old NS RRset when replacing it.
[RT #27792] [RT #27884]

これが最近の DNS Ghost Domain 問題の対応のようです。

Ghost Domain 問題については、
http://jprs.jp/tech/notice/2012-02-17-ghost-domain-names.html
https://jvn.jp/cert/JVNVU542123/
https://www.isc.org/software/bind/advisories/cve-2012-1033
参照のこと。

☆ BIND 9.6-ESV-R6rc2
https://www.isc.org/software/bind
ftp://ftp.isc.org/isc/bind/9.6-ESV-R6rc2/bind-9.6-ESV-R6rc2.tar.gz

--- 9.6-ESV-R6rc2 released ---

3285. [bug] val-frdataset was incorrectly disassociated in
proveunsecure after calling startfinddlvsep.
[RT #27928]

3284. [bug] Address race conditions with the handling of
rbtnode.deadlink. [RT #27738]

3283. [bug] Raw zones with with more than 512 records in a RRset
failed to load. [RT #27863]

3282. [bug] Restrict the TTL of NS RRset to no more than that
of the old NS RRset when replacing it.
[RT #27792] [RT #27884]

3281. [bug] SOA refresh queries could be treated as cancelled
despite succeeding over the loopback interface.
[RT #27782]

3374. [bug] Log when a zone is not reusable. Only set loadtime
on successful loads. [RT #27650]

3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
out the earliest expiry time. [RT #23311]

3267. [bug] Memory allocation failures could be mis-reported as
unexpected error. New ISC_R_UNSET result code.
[RT #27336]

3266. [bug] The maximum number of NSEC3 iterations for a
DNSKEY RRset was not being properly computed.
[RT #26543]


☆ BIND 9.7.5rc2
https://www.isc.org/software/bind
ftp://ftp.isc.org/isc/bind/9.7.5rc2/bind-9.7.5rc2.tar.gz

--- 9.7.5rc2 released ---

3285. [bug] val-frdataset was incorrectly disassociated in
proveunsecure after calling startfinddlvsep.
[RT #27928]

3284. [bug] Address race conditions with the handling of
rbtnode.deadlink. [RT #27738]

3283. [bug] Raw zones with with more than 512 records in a RRset
failed to load. [RT #27863]

3282. [bug] Restrict the TTL of NS RRset to no more than that
of the old NS RRset when replacing it.
[RT #27792] [RT #27884]

3281. [bug] SOA refresh queries could be treated as cancelled
despite succeeding over the loopback interface.
[RT #27782]

3277. [bug] Make sure automatic key maintenance is started
when "auto-dnssec maintain" is turned on during
"rndc reconfig". [RT #26805]

3276. [bug] win32: ns_os_openfile failed to return NULL on
safe_open failure. [RT #27696]

3374. [bug] Log when a zone is not reusable. Only set loadtime
on successful loads. [RT #27650]

3273. [bug] AAAA responses could be returned in the additional
section even when filter-aaaa-on-v4 was in use.
[RT #27292]

3271. [port] darwin: mksymtbl is not always stable, loop several
times before giving up. mksymtbl was using non
portable perl to covert 64 bit hex strings. [RT #27653]

3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
out the earliest expiry time. [RT #23311]

3267. [bug] Memory allocation failures could be mis-reported as
unexpected error. New ISC_R_UNSET result code.
[RT #27336]

3266. [bug] The maximum number of NSEC3 iterations for a
DNSKEY RRset was not being properly computed.
[RT #26543]


☆ BIND 9.8.2rc2
https://www.isc.org/software/bind
ftp://ftp.isc.org/isc/bind/9.8.2rc2/bind-9.8.2rc2.tar.gz

--- 9.8.2rc2 released ---

3285. [bug] val-frdataset was incorrectly disassociated in
proveunsecure after calling startfinddlvsep.
[RT #27928]

3284. [bug] Address race conditions with the handling of
rbtnode.deadlink. [RT #27738]

3283. [bug] Raw zones with with more than 512 records in a RRset
failed to load. [RT #27863]

3282. [bug] Restrict the TTL of NS RRset to no more than that
of the old NS RRset when replacing it.
[RT #27792] [RT #27884]

3281. [bug] SOA refresh queries could be treated as cancelled
despite succeeding over the loopback interface.
[RT #27782]

3280. [bug] Potential double free of a rdataset on out of memory
with DNS64. [RT #27762]

3277. [bug] Make sure automatic key maintenance is started
when "auto-dnssec maintain" is turned on during
"rndc reconfig". [RT #26805]

3276. [bug] win32: ns_os_openfile failed to return NULL on
safe_open failure. [RT #27696]

3274. [bug] Log when a zone is not reusable. Only set loadtime
on successful loads. [RT #27650]

3273. [bug] AAAA responses could be returned in the additional
section even when filter-aaaa-on-v4 was in use.
[RT #27292]

3271. [port] darwin: mksymtbl is not always stable, loop several
times before giving up. mksymtbl was using non
portable perl to covert 64 bit hex strings. [RT #27653]

3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
out the earliest expiry time. [RT #23311]

3267. [bug] Memory allocation failures could be mis-reported as
unexpected error. New ISC_R_UNSET result code.
[RT #27336]

3266. [bug] The maximum number of NSEC3 iterations for a
DNSKEY RRset was not being properly computed.
[RT #26543]

3262. [bug] Signed responses were handled incorrectly by RPZ.
[RT #27316]

----
こがよういちろう


投稿者 xml-rpc : 2012年3月12日 13:46
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/108777
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。