Revisions of bind
Stefan Lijewski (lijews)
accepted
request 196335
from
Stefan Lijewski (lijews)
(revision 10)
- Update to 9.9.3P2 fixes CVE-2013-4854, bnc#831899. * Incorrect bounds checking on private type 'keydata' can lead to a remotely triggerable REQUIRE failure.
Stefan Lijewski (lijews)
accepted
request 162840
from
Stefan Lijewski (lijews)
(revision 9)
- Updated to 9.9.2-P2 Security Fixes Removed the check for regex.h in configure in order to disable regex syntax checking, as it exposes BIND to a critical flaw in libregex on some platforms. [CVE-2013-2266] [RT #32688] https://kb.isc.org/article/AA-00871 (bnc#811876) Prevents named from aborting with a require assertion failure on servers with DNS64 enabled. These crashes might occur as a result of specific queries that are received. (Note that this fix is a subset of a series of updates that will be included in full in BIND 9.8.5 and 9.9.3 as change #3388, RT #30996). [CVE-2012-5688] [RT #30792] A deliberately constructed combination of records could cause named to hang while populating the additional section of a response. [CVE-2012-5166] [RT #31090] Prevents a named assert (crash) when queried for a record whose RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416] Prevents a named assert (crash) when validating caused by using "Bad cache" data before it has been initialized. [CVE-2012-3817] [RT #30025] A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [CVE-2012-1667] [RT #29644] ISC_QUEUE handling for recursive clients was updated to address a race condition that could cause a memory leak. This rarely occurred with UDP clients, but could be a significant problem for a server handling a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233] New Features Elliptic Curve Digital Signature Algorithm keys and signatures
Stefan Lijewski (lijews)
accepted
request 138971
from
Stefan Lijewski (lijews)
(revision 8)
- Specially crafted DNS data can cause a lockup in named. CVE-2012-5166, bnc#784602. - 9.7.6-P4
Stefan Lijewski (lijews)
accepted
request 135615
from
Stefan Lijewski (lijews)
(revision 7)
- A nameserver can be caused to exit with a REQUIRE exception if it can be induced to load a specially crafted resource record. CVE-2012-4244 bnc#780157 - 9.6-ESV-R7-P3 - fetched current named.root and dnszone-schema.txt from upstream. - named.root: D has ipv6 record now
Stefan Lijewski (lijews)
accepted
request 130579
from
Stefan Lijewski (lijews)
(revision 6)
- Bad-cache data could be used before it was initialized, causing an assert. CVE-2012-3817 bnc#772945 - Change #3314 broke saving of stub zones to disk resulting in excessive cpu usage in some cases. - 9.7.6-P2
Stefan Lijewski (lijews)
accepted
request 127790
from
Stefan Lijewski (lijews)
(revision 5)
- VUL-1: deleted domain name resolving flaw CVE-2012-1033 bnc#746074 - more than 40 other bugs fixed (see CHANGES for details) - 9.7.6-P1
Stefan Lijewski (lijews)
accepted
request 125086
from
Stefan Lijewski (lijews)
(revision 4)
- VUL-0: bind remote DoS via zero length rdata field CVE-2012-1667 bnc#765315 - Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. (bnc#730995) CVE-2011-4313 - Change #2912 (see CHANGES) exposed a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. This was fixed by disambiguating internal database representation vs DNS wire format data. [RT #24777] [CVE-2011-2464] (bnc#703907) - Security update to 9.7.3-P1 - fixed a denial of service in RRSIG (CVE-2011-1910 / bnc#696585) - Updated named.root from internic - fixed security issue VUL-0: bind: IXFR or DDNS update combined with high query rate DoS vulnerability (CVE-2011-0414 bnc#674431) - version to 9.7.3 - ifdef the sysvinit specific prereqs for openSUSE 11.4 and later - fix bnc#656509 - direct mount of /proc in chroot - prereq init scripts syslog and network - fixed VUL-0: bind: allow-query processed incorrectly bnc#657120, CVE-2010-3615 - added gssapi support - Zones may be dynamically added and removed with the "rndc addzone" and "rndc delzone" commands. These dynamically added zones are written to a per-view configuration file. Do not rely on the
Stefan Lijewski (lijews)
committed
(revision 3)
osc copypac from project:openSUSE:Evergreen:11.2:Test package:bind revision:3
Stefan Lijewski (lijews)
committed
(revision 2)
osc copypac from project:openSUSE:Evergreen:11.2:Test package:bind revision:2
Stefan Lijewski (lijews)
committed
(revision 1)
osc copypac from project:openSUSE:Evergreen:11.2:Test package:bind revision:1
Displaying all 10 revisions