Overview

Request 162840 accepted

- Updated to 9.9.2-P2
  Security Fixes
  - Removed the check for regex.h in configure in order to disable
    regex syntax checking, as it exposes BIND to a critical flaw in
    libregex on some platforms. [CVE-2013-2266] [RT #32688]
    https://kb.isc.org/article/AA-00871 (bnc#811876)
  - Prevents named from aborting with a require assertion failure
    on servers with DNS64 enabled. These crashes might occur as a
    result of specific queries that are received. (Note that this
    fix is a subset of a series of updates that will be included in
    full in BIND 9.8.5 and 9.9.3 as change #3388, RT #30996).
    [CVE-2012-5688] [RT #30792]
  - A deliberately constructed combination of records could cause
    named to hang while populating the additional section of a
    response. [CVE-2012-5166] [RT #31090]
  - Prevents a named assert (crash) when queried for a record whose
    RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416]
  - Prevents a named assert (crash) when validating caused by using
    "Bad cache" data before it has been initialized. [CVE-2012-3817]
    [RT #30025]
  - A condition has been corrected where improper handling of
    zero-length RDATA could cause undesirable behavior, including
    termination of the named process. [CVE-2012-1667] [RT #29644]
  - ISC_QUEUE handling for recursive clients was updated to address
    a race condition that could cause a memory leak. This rarely
    occurred with UDP clients, but could be a significant problem
    for a server handling a steady rate of TCP queries. [CVE-2012-3868]
    [RT #29539 & #30233]
  New Features
  - Elliptic Curve Digital Signature Algorithm keys and signatures

Request History
lijews created request


lijews accepted request
