From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] bind: Update to 9.10.3 Date: Sat, 07 Nov 2015 13:30:22 +0000 Message-ID: <1446903022.2587.0.camel@ipfire.org> In-Reply-To: <1446878037-1121-1-git-send-email-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2508485573350872736==" List-Id: --===============2508485573350872736== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Oh dear. Most of these issues are in the server, which is not used in IPFire, but I decided to pull this for Core Update 95. -Michael On Sat, 2015-11-07 at 07:33 +0100, Matthias Fischer wrote: > bind: Update to 9.10.3 > > Security fixes: > An incorrect boundary check in the OPENPGPKEY rdatatype could trigger > an assertion failure. This flaw is disclosed in CVE-2015-5986. [RT > #40286] > > A buffer accounting error could trigger an assertion failure when > parsing certain malformed DNSSEC keys. > This flaw was discovered by Hanno Böck of the Fuzzing Project, and is > disclosed in CVE-2015-5722. [RT #40212] > > A specially crafted query could trigger an assertion failure in > message.c. > This flaw was discovered by Jonathan Foote, and is disclosed in CVE > -2015-5477. [RT #40046] > > On servers configured to perform DNSSEC validation, an assertion > failure could be triggered on answers from a specially configured > server. > This flaw was discovered by Breno Silveira Soares, and is disclosed > in CVE-2015-4620. [RT #39795] > > Bug fixes: > Asynchronous zone loads were not handled correctly when the zone load > was already in progress; this could trigger a crash in zt.c. [RT > #37573] > > A race during shutdown or reconfiguration could cause an assertion > failure in mem.c. [RT #38979] > > Some answer formatting options didn't work correctly with dig +short. > [RT #39291] > > Malformed records of some types, including NSAP and UNSPEC, could > trigger assertion failures when loading text zone files. [RT #40274] > [RT #40285] > > Fixed a possible crash in ratelimiter.c caused by NOTIFY messages > being removed from the wrong rate limiter queue. [RT #40350] > > The default rrset-order of random was inconsistently applied. [RT > #40456] > > BADVERS responses from broken authoritative name servers were not > handled correctly. [RT #40427] > > Several bugs have been fixed in the RPZ implementation. > > For a complete list, see: > https://kb.isc.org/article/AA-01306/0/BIND-9.10.3-Release-Notes.html > > Regards, > Matthias > > Signed-off-by: Matthias Fischer > --- > lfs/bind | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lfs/bind b/lfs/bind > index 0814cde..6480798 100644 > --- a/lfs/bind > +++ b/lfs/bind > @@ -25,7 +25,7 @@ > > include Config > > -VER = 9.10.2-P4 > +VER = 9.10.3 > > THISAPP = bind-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -43,7 +43,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = 8b1f5064837756c938eadc1537dec5c7 > +$(DL_FILE)_MD5 = d8cbf04a62a139a841d4bf878087a555 > > install : $(TARGET) > --===============2508485573350872736== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEKCmlRSWNCQUFC Q2dBR0JRSldQZnp1QUFvSkVJQjU4UDl2a0FrSHhtRVFBTEZGK1RtZkhxamtzSHB4SGNWNGpRbkgK dm5HQXpQWGdGVUFjSXROUjlPemhGaUZ1SDJ1NExPQXJCWGJJR01MTGxUM1R2Q3hVYjlCTHFHZ2gx YUtGYjliMQpNdDFxcEFheVFncEt3cEt5eWYwQ1Ztd2V4K3duUS91YkRMdktuOFduZzBPVnExeFlK QjVvOFRGNlNUbllmODVhCk5WaUpiVzdIcXErOXRWRFJ0aGtNYjVPbHU4ZUoxdjBEanIvaTUxMGE1 alNWREt4T2gvOTBUK2FFTnM5V3luT1YKcGY1ZFE4MnhQU0k3eGljNCtGa3g2MXZibitUelFnRlZs ZWh6WkVLVHZwZzRlKzNoaDFqNkhnV0JFNC9rVzhncApFVXp0NEpRcWhtWjBtQjBxTXVXTEEzU0RV eVVZWC9xM0ZTa0NrUTQzTUtIamdodGhCNVozdk1ya1hleEJ3NXhrCjJFSkw5S2JZTml6RkdmZEU1 aHFkUkNsUXJqWHUwSERqVW1Nb2RpK2NNQkt3MVNiZGZvMFVmaDBhWFZWOU1BdnMKMmR3dFhicjlR Ulkya1k2ZjU2Y05Ld2pDQmx0NEZYYW5sbW51QmtzWEpJTGNZSkVQNU1IUkRFdUdhSGZLU2g4cwox NGFiMi95dW1VOUhldlZDTXduVjhlbW45V1NrRm1wQlJ0VmtVaW5sa1NtcDBzSFRXNWF3aTBMSDJ2 UDR0ZHhHCjFiODJ5MmY4VTJldUE0Y2VzSnNib0g5M2VvRjlqSHVZOUIxZXhJZmp0NHE1Q2V3MFI5 bkdFbDlRWlQycWJ4UG4KcXIxY2JGTnpOazZuRGtDWWdQTEJKMWdGQWdvb2Vla0FKWXA3S3hXUVJz Q2Nyc1ZxTm1PM2ttQXRKTDVNbTBUSwpselBDTVFoVDNIaEJSNmdqYjZLcAo9WFNBZgotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============2508485573350872736==--