Accepting request 264596 from home:lmuelle:bind

- Update to version 9.10.1-P1
  - A flaw in delegation handling could be exploited to put named into an
    infinite loop.  This has been addressed by placing limits on the number of
    levels of recursion named will allow (default 7), and the number of
    iterative queries that it will send (default 50) before terminating a
    recursive query (CVE-2014-8500); (bnc#908994).
    The recursion depth limit is configured via the "max-recursion-depth"
    option, and the query limit via the "max-recursion-queries" option.
    [RT #37580]
  - When geoip-directory was reconfigured during named run-time, the
    previously loaded GeoIP data could remain, potentially causing wrong ACLs
    to be used or wrong results to be served based on geolocation
    (CVE-2014-8680). [RT #37720]; (bnc#908995).
  - Lookups in GeoIP databases that were not loaded could cause an assertion
    failure (CVE-2014-8680). [RT #37679]; (bnc#908995).
  - The caching of GeoIP lookups did not always handle address families
    correctly, potentially resulting in an assertion failure (CVE-2014-8680).
    [RT #37672]; (bnc#908995).

OBS-URL: https://build.opensuse.org/request/show/264596
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=156
This commit is contained in:
Lars Müller 2014-12-09 22:47:11 +00:00 committed by Git OBS Bridge
parent c38019450e
commit 24da4f54fa
6 changed files with 39 additions and 16 deletions

3
bind-9.10.1-P1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:974343108d32f253a130383d0ba51290fb7bf372092f1451f264a9e3ac09898d
size 8356463

12
bind-9.10.1-P1.tar.gz.asc Normal file
View File

@ -0,0 +1,12 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQEcBAABAgAGBQJUbrEDAAoJEEWseFcYnNvFws8H/2I6YJNbUxY4rS6/alBUwIWy
N3oUSb290Szatl1sAUjlZ6SQbIgvKKxPRcp6HwKvhpecc+/Y0EAN43IWrGrndnoX
Fvfutn68I9cWCSFROnlOOlrmSFCs6Xg7OHZJy5mkf5cm9DflXYo3Xp6b1VCk7Z6j
jxuXGn7Uj4a/Ylk1ERV9ELl4qXugPj8J9bN+cjtr6iBl8yxXKwuZiiSDaZZf36w0
SziClj2G8CA0UOGDu7XxPENJdJZPmS+sopxXWBpU7pL0EojcrFPbGENU9FtzHrjq
oVte/sQlrXfZXjo4op7tTeQH7d7PE6i01p+VJwG9YDtAQ3HA5jovSTBiiEtICfU=
=LVgj
-----END PGP SIGNATURE-----

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5361eca2b8b6bc0b13904b0f964336a478dfbc165711547f6cc3f8752ac60181
size 8353313

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAABAgAGBQJUIAfBAAoJEEWseFcYnNvFmosIAMQn2vFb2j6iIqop7Fg4cJs5
0hR1gFdcwkBZELKbLXkpL8qGOYrF9A8Wdjraf8i2iLUwZ1qsWLSL1wMokgamacRT
8VsQnfS6o1CO/uVrB7QysWmcovuAuHNj1d4v2M6CIGnbuUneQ6sQf28u6TWG6ENW
RtKUcz418WwghvQlBmoi2BVxluR+/15im87eUMsNajWRtNPLZJc2KvFnKHiZFvTU
36ffiAUC3nL/+61pHz7JvxzpJtgjyGtgSF16unPXAI1Oyg7lZOw0+cNUOnzclYy/
UGw83PwxxtBjm9WmLPfnUqXPWKNzjCRPAiEDOvyCjEKD+HamDA7YxvV9D82aQW4=
=klq+
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,25 @@
-------------------------------------------------------------------
Tue Dec 9 21:45:10 UTC 2014 - lmuelle@suse.com
- Update to version 9.10.1-P1
- A flaw in delegation handling could be exploited to put named into an
infinite loop. This has been addressed by placing limits on the number of
levels of recursion named will allow (default 7), and the number of
iterative queries that it will send (default 50) before terminating a
recursive query (CVE-2014-8500); (bnc#908994).
The recursion depth limit is configured via the "max-recursion-depth"
option, and the query limit via the "max-recursion-queries" option.
[RT #37580]
- When geoip-directory was reconfigured during named run-time, the
previously loaded GeoIP data could remain, potentially causing wrong ACLs
to be used or wrong results to be served based on geolocation
(CVE-2014-8680). [RT #37720]; (bnc#908995).
- Lookups in GeoIP databases that were not loaded could cause an assertion
failure (CVE-2014-8680). [RT #37679]; (bnc#908995).
- The caching of GeoIP lookups did not always handle address families
correctly, potentially resulting in an assertion failure (CVE-2014-8680).
[RT #37672]; (bnc#908995).
-------------------------------------------------------------------
Sun Dec 7 16:54:03 UTC 2014 - jengelh@inai.de

View File

@ -18,8 +18,8 @@
Name: bind
%define pkg_name bind
%define pkg_vers 9.10.1
%define rpm_vers 9.10.1
%define pkg_vers 9.10.1-P1
%define rpm_vers 9.10.1P1
%define idn_vers 1.0
Summary: Domain Name System (DNS) Server (named)
License: ISC