For details see: https://downloads.isc.org/isc/bind9/9.11.19/RELEASE-NOTES-bind-9.11.19.html
"Security Fixes
To prevent exhaustion of server resources by a maliciously configured domain, the number of recursive queries that can be triggered by a request before aborting recursion has been further limited. Root and top-level domain servers are no longer exempt from the max-recursion-queries limit. Fetches for missing name server address records are limited to 4 for any domain. This issue was disclosed in CVE-2020-8616. [GL #1388]
Replaying a TSIG BADTIME response as a request could trigger an assertion failure. This was disclosed in CVE-2020-8617. [GL #1703]
Feature Changes
Message IDs in inbound AXFR transfers are now checked for consistency. Log messages are emitted for streams with inconsistent message IDs. [GL #1674]
Bug Fixes
When running on a system with support for Linux capabilities, named drops root privileges very soon after system startup. This was causing a spurious log message, "unable to set effective uid to 0: Operation not permitted", which has now been silenced. [GL #1042] [GL #1090]
When named-checkconf -z was run, it would sometimes incorrectly set its exit code. It reflected the status of the last view found; if zone-loading errors were found in earlier configured views but not in the last one, the exit code indicated success. Thanks to Graham Clinch. [GL #1807]
When built without LMDB support, named failed to restart after a zone with a double quote (") in its name was added with rndc addzone. Thanks to Alberto Fernández. [GL #1695]"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- config/rootfiles/common/bind | 4 ++-- lfs/bind | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index 8c6f7983c..d70ce3272 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -271,7 +271,7 @@ usr/lib/libbind9.so.161.0.4 #usr/lib/libdns.la #usr/lib/libdns.so usr/lib/libdns.so.1110 -usr/lib/libdns.so.1110.0.1 +usr/lib/libdns.so.1110.0.2 #usr/lib/libisc.la #usr/lib/libisc.so usr/lib/libisc.so.1105 @@ -283,7 +283,7 @@ usr/lib/libisccc.so.161.0.1 #usr/lib/libisccfg.la #usr/lib/libisccfg.so usr/lib/libisccfg.so.163 -usr/lib/libisccfg.so.163.0.6 +usr/lib/libisccfg.so.163.0.7 #usr/lib/liblwres.la #usr/lib/liblwres.so usr/lib/liblwres.so.161 diff --git a/lfs/bind b/lfs/bind index 1d5bca986..4d0602eda 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@
include Config
-VER = 9.11.18 +VER = 9.11.19
THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 83144af1532ba16e95f90b42036ef519 +$(DL_FILE)_MD5 = 41bc2c6509a4c324e16775b462608820
install : $(TARGET)