webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 02:55:55 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,642 Commits 2 Branches 1 Tag
91c35e4838b4e059c67240bb54cd32eefd105da3
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Matthias Fischer 91c35e4838 bind: Update to 9.11.0-P5 
For details see:
https://ftp.isc.org/isc/bind9/9.11.0-P5/RELEASE-NOTES-bind-9.11.0-P5.html

"BIND 9.11.0-P5 addresses the security issues described in CVE-2017-3136,
CVE-2017-3137, and CVE-2017-3138, and updates the built-in trusted keys for the root zone.

Security Fixes

rndc "" could trigger an assertion failure in named. This flaw is disclosed in
(CVE-2017-3138). [RT #44924]

Some chaining (i.e., type CNAME or DNAME) responses to upstream queries could
trigger assertion failures. This flaw is disclosed in CVE-2017-3137. [RT #44734]

dns64 with break-dnssec yes; can result in an assertion failure. This flaw is
disclosed in CVE-2017-3136. [RT #44653]

If a server is configured with a response policy zone (RPZ) that rewrites an
answer with local data, and is also configured for DNS64 address mapping, a NULL
pointer can be read triggering a server crash. This flaw is disclosed in CVE-2017-3135.
[RT #44434]

A coding error in the nxdomain-redirect feature could lead to an assertion failure if
the redirection namespace was served from a local authoritative data source such as a
local zone or a DLZ instead of via recursive lookup. This flaw is disclosed in
CVE-2016-9778. [RT #43837]

named could mishandle authority sections with missing RRSIGs, triggering an assertion
failure. This flaw is disclosed in CVE-2016-9444. [RT #43632]

named mishandled some responses where covering RRSIG records were returned without the
requested data, resulting in an assertion failure. This flaw is disclosed in
CVE-2016-9147. [RT #43548]

named incorrectly tried to cache TKEY records which could trigger an assertion failure
when there was a class mismatch. This flaw is disclosed in CVE-2016-9131. [RT #43522]

It was possible to trigger assertions when processing responses containing answers of
type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465]

Bug Fixes

A synthesized CNAME record appearing in a response before the associated DNAME could be
cached, when it should not have been. This was a regression introduced while addressing
CVE-2016-8864. [RT #44318]

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-04-16 17:23:57 +01:00
config
avahi: Drop package
2017-04-12 17:49:45 +01:00
doc
DNS: Show DNSSEC status on index page if deavtivated
2017-04-02 19:48:20 +01:00
html
IPsec: Include Curve 25519 in default proposal
2017-04-05 12:16:52 +01:00
langs
DNS: Show DNSSEC status on index page if deavtivated
2017-04-02 19:48:20 +01:00
lfs
bind: Update to 9.11.0-P5
2017-04-16 17:23:57 +01:00
src
avahi: Drop package
2017-04-12 17:49:45 +01:00
tools
buildsystem: Escape curly brackets
2016-06-01 22:17:10 +01:00
.gitignore
Buildsystem: generate image md5sums.
2011-01-01 11:40:19 +01:00
.mailmap
Add .mailmap.
2010-01-22 11:37:55 +01:00
make.sh
avahi: Drop package
2017-04-12 17:49:45 +01:00
Description
No description provided
101 MiB
Languages
Perl 70.4%
Shell 23%
C 4%
Python 0.6%
Makefile 0.5%
Other 1.4%