[PATCH] bind: Update to 9.11.0-P3

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

* [PATCH] bind: Update to 9.11.0-P3
@ 2017-02-10 21:44 Matthias Fischer
  0 siblings, 0 replies; only message in thread
From: Matthias Fischer @ 2017-02-10 21:44 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 2338 bytes --]

For details see:
https://ftp.isc.org/isc/bind9/9.11.0-P3/RELEASE-NOTES-bind-9.11.0-P3.html

"BIND 9.11.0-P3 addresses the security issue described in CVE-2017-3135,
and fixes a regression introduced in a prior security release.

BIND 9.11.0-P2 addresses the security issues described in CVE-2016-9131,
CVE-2016-9147, CVE-2016-9444 and CVE-2016-9778.

BIND 9.11.0-P1 addresses the security issue described in CVE-2016-8864.

...

Security Fixes

If a server is configured with a response policy zone (RPZ) that rewrites an
answer with local data, and is also configured for DNS64 address mapping, a
NULL pointer can be read triggering a server crash. This flaw is disclosed in
CVE-2017-3135. [RT #44434]

A coding error in the nxdomain-redirect feature could lead to an assertion
failure if the redirection namespace was served from a local authoritative
data source such as a local zone or a DLZ instead of via recursive lookup.
This flaw is disclosed in CVE-2016-9778. [RT #43837]

named could mishandle authority sections with missing RRSIGs, triggering an
assertion failure. This flaw is disclosed in CVE-2016-9444. [RT #43632]

named mishandled some responses where covering RRSIG records were returned
without the requested data, resulting in an assertion failure. This flaw is
disclosed in CVE-2016-9147.
[RT #43548]

named incorrectly tried to cache TKEY records which could trigger an assertion
failure when there was a class mismatch. This flaw is disclosed in CVE-2016-9131.
[RT #43522]

It was possible to trigger assertions when processing responses containing answers
of type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465]"

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 lfs/bind | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/bind b/lfs/bind
index d25c2df9f..e178219c2 100644
--- a/lfs/bind
+++ b/lfs/bind
@@ -25,7 +25,7 @@

 include Config

-VER        = 9.11.0-P2
+VER        = 9.11.0-P3

 THISAPP    = bind-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = b8ccec541de18ac2716e7a8268baaaba
+$(DL_FILE)_MD5 = 311787a0a69345a1f1cf7869b0266bf0

 install : $(TARGET)

-- 
2.11.0

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2017-02-10 21:44 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-10 21:44 [PATCH] bind: Update to 9.11.0-P3 Matthias Fischer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox