From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] bind: Update to 9.11.1 Date: Tue, 25 Apr 2017 21:08:32 +0200 Message-ID: <20170425190832.25589-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7854265939250427836==" List-Id: --===============7854265939250427836== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable For details see: https://ftp.isc.org/isc/bind9/9.11.1/RELEASE-NOTES-bind-9.11.1.html "Security Fixes rndc "" could trigger an assertion failure in named. This flaw is disclosed in (CVE-2017-3138). [RT #44924] Some chaining (i.e., type CNAME or DNAME) responses to upstream queries could trigger assertion failures. This flaw is disclosed in CVE-2017-3137. [RT #447= 34] dns64 with break-dnssec yes; can result in an assertion failure. This flaw is disclosed in CVE-2017-3136. [RT #44653] If a server is configured with a response policy zone (RPZ) that rewrites an answer with local data, and is also configured for DNS64 address mapping, a N= ULL pointer can be read triggering a server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434] A coding error in the nxdomain-redirect feature could lead to an assertion fa= ilure if the redirection namespace was served from a local authoritative data sourc= e such as a local zone or a DLZ instead of via recursive lookup. This flaw is disclo= sed in CVE-2016-9778. [RT #43837] named could mishandle authority sections with missing RRSIGs, triggering an assertion failure. This flaw is disclosed in CVE-2016-9444. [RT #43632] named mishandled some responses where covering RRSIG records were returned wi= thout the requested data, resulting in an assertion failure. This flaw is disclosed= in CVE-2016-9147. [RT #43548] named incorrectly tried to cache TKEY records which could trigger an assertio= n failure when there was a class mismatch. This flaw is disclosed in CVE-2016-9131. [RT= #43522] It was possible to trigger assertions when processing responses containing an= swers of type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465] Added the ability to specify the maximum number of records permitted in a zone (max-records #;). This provides a mechanism to block overly large zone transf= ers, which is a potential risk with slave zones from other parties, as described in CVE-= 2016-6170. [RT #42143] Bug Fixes A synthesized CNAME record appearing in a response before the associated DNAM= E could be cached, when it should not have been. This was a regression introduced while = addressing CVE-2016-8864. [RT #44318] named could deadlock if multiple changes to NSEC/NSEC3 parameters for the sam= e zone were being processed at the same time. [RT #42770] named could trigger an assertion when sending NOTIFY messages. [RT #44019] Referencing a nonexistent zone in a response-policy statement could cause an = assertion failure during configuration. [RT #43787] rndc addzone could cause a crash when attempting to add a zone with a type ot= her than master or slave. Such zones are now rejected. [RT #43665] named could hang when encountering log file names with large apparent gaps in= version number (for example, when files exist called "logfile.0", "logfile.1", and "logfile.1482954169"). This is now handled correctly. [RT #38688] If a zone was updated while named was processing a query for nonexistent data= , it could return out-of-sync NSEC3 records causing potential DNSSEC validation failure.= [RT #43247]" Best, Matthias Signed-off-by: Matthias Fischer --- lfs/bind | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/bind b/lfs/bind index ea6fb835b..1269e4155 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@ =20 include Config =20 -VER =3D 9.11.0-P5 +VER =3D 9.11.1 =20 THISAPP =3D bind-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -43,7 +43,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 3e1e525fc640308316cdf98cd29cfa11 +$(DL_FILE)_MD5 =3D c384ab071d902bac13487c1268e5a32f =20 install : $(TARGET) =20 --=20 2.11.0 --===============7854265939250427836==--