Overview
Request 144433 accepted
- Updated to 9.9.2-P1 (bnc#792926)
https://kb.isc.org/article/AA-00828
* Security Fixes
Prevents named from aborting with a require assertion failure on
servers with DNS64 enabled. These crashes might occur as a result of
specific queries that are received. (Note that this fix is a subset
of a series of updates that will be included in full in BIND 9.8.5
and 9.9.3 as change #3388, RT #30996). [CVE-2012-5688] [RT #30792]
A deliberately constructed combination of records could cause
named to hang while populating the additional section of a
response. [CVE-2012-5166] [RT #31090]
Prevents a named assert (crash) when queried for a record whose
RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416]
Prevents a named assert (crash) when validating caused by using
"Bad cache" data before it has been initialized. [CVE-2012-3817]
[RT #30025]
A condition has been corrected where improper handling of zero-length
RDATA could cause undesirable behavior, including termination of
the named process. [CVE-2012-1667] [RT #29644]
ISC_QUEUE handling for recursive clients was updated to address a race
condition that could cause a memory leak. This rarely occurred with
UDP clients, but could be a significant problem for a server handling
a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]
New Features
Elliptic Curve Digital Signature Algorithm keys and signatures in
DNSSEC are now supported per RFC 6605. [RT #21918]
Introduces a new tool "dnssec-checkds" command that checks a zone to
determine which DS records should be published in the parent zone,
or which DLV records should be published in a DLV zone, and queries
the DNS to ensure that it exists. (Note: This tool depends on python;
Request History
msmeissn created request
- Updated to 9.9.2-P1 (bnc#792926)
https://kb.isc.org/article/AA-00828
* Security Fixes
Prevents named from aborting with a require assertion failure on
servers with DNS64 enabled. These crashes might occur as a result of
specific queries that are received. (Note that this fix is a subset
of a series of updates that will be included in full in BIND 9.8.5
and 9.9.3 as change #3388, RT #30996). [CVE-2012-5688] [RT #30792]
A deliberately constructed combination of records could cause
named to hang while populating the additional section of a
response. [CVE-2012-5166] [RT #31090]
Prevents a named assert (crash) when queried for a record whose
RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416]
Prevents a named assert (crash) when validating caused by using
"Bad cache" data before it has been initialized. [CVE-2012-3817]
[RT #30025]
A condition has been corrected where improper handling of zero-length
RDATA could cause undesirable behavior, including termination of
the named process. [CVE-2012-1667] [RT #29644]
ISC_QUEUE handling for recursive clients was updated to address a race
condition that could cause a memory leak. This rarely occurred with
UDP clients, but could be a significant problem for a server handling
a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]
New Features
Elliptic Curve Digital Signature Algorithm keys and signatures in
DNSSEC are now supported per RFC 6605. [RT #21918]
Introduces a new tool "dnssec-checkds" command that checks a zone to
determine which DS records should be published in the parent zone,
or which DLV records should be published in a DLV zone, and queries
the DNS to ensure that it exists. (Note: This tool depends on python;
licensedigger accepted review
{"approve": "preliminary, version number changed"}
factory-auto accepted review
Builds for repo openSUSE_Factory
dimstar accepted review
ok
dimstar approved review
ok
factory-auto added a reviewer
Please review sources
namtrac accepted request
- Updated to 9.9.2-P1 (bnc#792926)
https://kb.isc.org/article/AA-00828
* Security Fixes
Prevents named from aborting with a require assertion failure on
servers with DNS64 enabled. These crashes might occur as a result of
specific queries that are received. (Note that this fix is a subset
of a series of updates that will be included in full in BIND 9.8.5
and 9.9.3 as change #3388, RT #30996). [CVE-2012-5688] [RT #30792]
A deliberately constructed combination of records could cause
named to hang while populating the additional section of a
response. [CVE-2012-5166] [RT #31090]
Prevents a named assert (crash) when queried for a record whose
RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416]
Prevents a named assert (crash) when validating caused by using
"Bad cache" data before it has been initialized. [CVE-2012-3817]
[RT #30025]
A condition has been corrected where improper handling of zero-length
RDATA could cause undesirable behavior, including termination of
the named process. [CVE-2012-1667] [RT #29644]
ISC_QUEUE handling for recursive clients was updated to address a race
condition that could cause a memory leak. This rarely occurred with
UDP clients, but could be a significant problem for a server handling
a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]
New Features
Elliptic Curve Digital Signature Algorithm keys and signatures in
DNSSEC are now supported per RFC 6605. [RT #21918]
Introduces a new tool "dnssec-checkds" command that checks a zone to
determine which DS records should be published in the parent zone,
or which DLV records should be published in a DLV zone, and queries
the DNS to ensure that it exists. (Note: This tool depends on python;