- Updated to 9.9.2-P2
Security Fixes
   Removed the check for regex.h in configure in order to disable
   regex syntax checking, as it exposes BIND to a critical flaw in
   libregex on some platforms. [CVE-2013-2266] [RT #32688]
   https://kb.isc.org/article/AA-00871 (bnc#811876)
   Prevents named from aborting with a require assertion failure
   on servers with DNS64 enabled.  These crashes might occur as a
   result of  specific queries that are received.  (Note that this
   fix is a subset of a series of updates that will be included in
   full in BIND 9.8.5 and 9.9.3 as change #3388, RT #30996).
   [CVE-2012-5688] [RT #30792]
   A deliberately constructed combination of records could cause
   named to hang while populating the additional section of a
   response. [CVE-2012-5166] [RT #31090]
   Prevents a named assert (crash) when queried for a record whose
   RDATA exceeds 65535 bytes.  [CVE-2012-4244]  [RT #30416]
   Prevents a named assert (crash) when validating caused by using
   "Bad cache" data before it has been initialized. [CVE-2012-3817]
   [RT #30025]
   A condition has been corrected where improper handling of
   zero-length RDATA could cause undesirable behavior, including
   termination of the named process. [CVE-2012-1667]  [RT #29644]
   ISC_QUEUE handling for recursive clients was updated to address
   a race condition that could cause a memory leak. This rarely
   occurred with UDP clients, but could be a significant problem
   for a server handling a steady rate of TCP queries. [CVE-2012-3868]
   [RT #29539 & #30233]
New Features
   Elliptic Curve Digital Signature Algorithm keys and signatures

• Files Changed
• Browse Source