Overview Repositories Revisions Requests Users Attributes Meta

Revisions of bind

Stefan Lijewski's avatar Stefan Lijewski (lijews) accepted request 196335 from Stefan Lijewski's avatar Stefan Lijewski (lijews) (revision 10) 
- Update to 9.9.3P2 fixes CVE-2013-4854, bnc#831899.
  * Incorrect bounds checking on private type 'keydata' can lead
    to a remotely triggerable REQUIRE failure.
Stefan Lijewski's avatar Stefan Lijewski (lijews) accepted request 162840 from Stefan Lijewski's avatar Stefan Lijewski (lijews) (revision 9) 
- Updated to 9.9.2-P2
Security Fixes
   Removed the check for regex.h in configure in order to disable
   regex syntax checking, as it exposes BIND to a critical flaw in
   libregex on some platforms. [CVE-2013-2266] [RT #32688]
   https://kb.isc.org/article/AA-00871 (bnc#811876)
   Prevents named from aborting with a require assertion failure
   on servers with DNS64 enabled.  These crashes might occur as a
   result of  specific queries that are received.  (Note that this
   fix is a subset of a series of updates that will be included in
   full in BIND 9.8.5 and 9.9.3 as change #3388, RT #30996).
   [CVE-2012-5688] [RT #30792]
   A deliberately constructed combination of records could cause
   named to hang while populating the additional section of a
   response. [CVE-2012-5166] [RT #31090]
   Prevents a named assert (crash) when queried for a record whose
   RDATA exceeds 65535 bytes.  [CVE-2012-4244]  [RT #30416]
   Prevents a named assert (crash) when validating caused by using
   "Bad cache" data before it has been initialized. [CVE-2012-3817]
   [RT #30025]
   A condition has been corrected where improper handling of
   zero-length RDATA could cause undesirable behavior, including
   termination of the named process. [CVE-2012-1667]  [RT #29644]
   ISC_QUEUE handling for recursive clients was updated to address
   a race condition that could cause a memory leak. This rarely
   occurred with UDP clients, but could be a significant problem
   for a server handling a steady rate of TCP queries. [CVE-2012-3868]
   [RT #29539 & #30233]
New Features
   Elliptic Curve Digital Signature Algorithm keys and signatures
Stefan Lijewski's avatar Stefan Lijewski (lijews) accepted request 138971 from Stefan Lijewski's avatar Stefan Lijewski (lijews) (revision 8) 
- Specially crafted DNS data can cause a lockup in named.
  CVE-2012-5166, bnc#784602.
- 9.7.6-P4
Stefan Lijewski's avatar Stefan Lijewski (lijews) accepted request 135615 from Stefan Lijewski's avatar Stefan Lijewski (lijews) (revision 7) 
- A nameserver can be caused to exit with a REQUIRE exception if it can
  be induced to load a specially crafted resource record.
  CVE-2012-4244
  bnc#780157
- 9.6-ESV-R7-P3
- fetched current named.root and dnszone-schema.txt from upstream.
  - named.root: D has ipv6 record now
Stefan Lijewski's avatar Stefan Lijewski (lijews) accepted request 130579 from Stefan Lijewski's avatar Stefan Lijewski (lijews) (revision 6) 
- Bad-cache data could be used before it was
  initialized, causing an assert.
  CVE-2012-3817
  bnc#772945
- Change #3314 broke saving of stub zones to disk
  resulting in excessive cpu usage in some cases.
- 9.7.6-P2
Stefan Lijewski's avatar Stefan Lijewski (lijews) accepted request 127790 from Stefan Lijewski's avatar Stefan Lijewski (lijews) (revision 5) 
- VUL-1: deleted domain name resolving flaw
  CVE-2012-1033
  bnc#746074
- more than 40 other bugs fixed (see CHANGES for details)
- 9.7.6-P1
Stefan Lijewski's avatar Stefan Lijewski (lijews) accepted request 125086 from Stefan Lijewski's avatar Stefan Lijewski (lijews) (revision 4) 
- VUL-0: bind remote DoS via zero length rdata field
  CVE-2012-1667
  bnc#765315
- Cache lookup could return RRSIG data associated with nonexistent 
  records, leading to an assertion failure. (bnc#730995)
  CVE-2011-4313
- Change #2912 (see CHANGES) exposed a latent bug in the DNS message
  processing code that could allow certain UPDATE requests to crash
  named. This was fixed by disambiguating internal database
  representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]
  (bnc#703907)
- Security update to 9.7.3-P1
  - fixed a denial of service in RRSIG (CVE-2011-1910 / bnc#696585)
- Updated named.root from internic
- fixed security issue
  VUL-0: bind: IXFR or DDNS update combined with high query rate 
  DoS vulnerability (CVE-2011-0414 bnc#674431)
- version to 9.7.3
- ifdef the sysvinit specific prereqs for openSUSE 11.4 and later
- fix bnc#656509 - direct mount of /proc in chroot

- prereq init scripts syslog and network

- fixed VUL-0: bind: allow-query processed incorrectly
  bnc#657120, CVE-2010-3615

- added gssapi support
- Zones may be dynamically added and removed with the "rndc addzone"
  and "rndc delzone" commands. These dynamically added zones are
  written to a per-view configuration file. Do not rely on the
Stefan Lijewski's avatar Stefan Lijewski (lijews) committed (revision 3) 
osc copypac from project:openSUSE:Evergreen:11.2:Test package:bind revision:3
Stefan Lijewski's avatar Stefan Lijewski (lijews) committed (revision 2) 
osc copypac from project:openSUSE:Evergreen:11.2:Test package:bind revision:2
Stefan Lijewski's avatar Stefan Lijewski (lijews) committed (revision 1) 
osc copypac from project:openSUSE:Evergreen:11.2:Test package:bind revision:1
Displaying all 10 revisions
openSUSE Build Service is sponsored by
Places