- updated to 9.9.2
https://kb.isc.org/article/AA-00798 Security: * A deliberately constructed combination of records could cause named to hang while populating the additional section of a response. [CVE-2012-5166] [RT #31090] * Prevents a named assert (crash) when queried for a record whose RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416] * Prevents a named assert (crash) when validating caused by using "Bad cache" data before it has been initialized. [CVE-2012-3817] [RT #30025] * A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [CVE-2012-1667] [RT #29644] * ISC_QUEUE handling for recursive clients was updated to address a race condition that could cause a memory leak. This rarely occurred with UDP clients, but could be a significant problem for a server handling a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233] New Features * Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918] * Introduces a new tool "dnssec-checkds" command that checks a zone to determine which DS records should be published in the parent zone, or which DLV records should be published in a DLV zone, and queries the DNS to ensure that it exists. (Note: This tool depends on python; it will not be built or installed on systems that do not have a python interpreter.) [RT #28099] * Introduces a new tool "dnssec-verify" that validates a signed zone, checking for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673] * Adds configuration option "max-rsa-exponent-size <value>;" that can OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=100
This commit is contained in:
parent
c9d0046524
commit
d3e988aaee
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:18f90727fd9566da037e71569d9b3a4834c96b04d9e75f9899eba0bc88c0868a
|
||||
size 7227655
|
3
bind-9.9.2.tar.gz
Normal file
3
bind-9.9.2.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:7e6530b198d512e27a856bbd7426b1a3c47fd55d06d667adb66f760259009b48
|
||||
size 7285050
|
46
bind.changes
46
bind.changes
@ -1,3 +1,49 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 14 10:24:42 UTC 2012 - meissner@suse.com
|
||||
|
||||
- updated to 9.9.2
|
||||
https://kb.isc.org/article/AA-00798
|
||||
|
||||
Security:
|
||||
* A deliberately constructed combination of records could cause
|
||||
named to hang while populating the additional section of a
|
||||
response. [CVE-2012-5166] [RT #31090]
|
||||
* Prevents a named assert (crash) when queried for a record whose
|
||||
RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416]
|
||||
* Prevents a named assert (crash) when validating caused by using "Bad
|
||||
cache" data before it has been initialized. [CVE-2012-3817] [RT #30025]
|
||||
* A condition has been corrected where improper handling of zero-length
|
||||
RDATA could cause undesirable behavior, including termination of the
|
||||
named process. [CVE-2012-1667] [RT #29644]
|
||||
* ISC_QUEUE handling for recursive clients was updated to address a race
|
||||
condition that could cause a memory leak. This rarely occurred with
|
||||
UDP clients, but could be a significant problem for a server handling
|
||||
a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]
|
||||
|
||||
New Features
|
||||
|
||||
* Elliptic Curve Digital Signature Algorithm keys and signatures in
|
||||
DNSSEC are now supported per RFC 6605. [RT #21918]
|
||||
* Introduces a new tool "dnssec-checkds" command that checks a zone
|
||||
to determine which DS records should be published in the parent zone,
|
||||
or which DLV records should be published in a DLV zone, and queries
|
||||
the DNS to ensure that it exists. (Note: This tool depends on python;
|
||||
it will not be built or installed on systems that do not have a python
|
||||
interpreter.) [RT #28099]
|
||||
* Introduces a new tool "dnssec-verify" that validates a signed zone,
|
||||
checking for the correctness of signatures and NSEC/NSEC3 chains.
|
||||
[RT #23673]
|
||||
* Adds configuration option "max-rsa-exponent-size <value>;" that can
|
||||
be used to specify the maximum rsa exponent size that will be accepted
|
||||
when validating [RT #29228]
|
||||
|
||||
Feature Changes
|
||||
|
||||
* Improves OpenSSL error logging [RT #29932]
|
||||
* nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492]
|
||||
|
||||
Lots of bugfixes.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 19 12:11:55 UTC 2012 - meissner@suse.com
|
||||
|
||||
|
@ -18,7 +18,7 @@
|
||||
|
||||
Name: bind
|
||||
%define pkg_name bind
|
||||
%define pkg_vers 9.9.1-P4
|
||||
%define pkg_vers 9.9.2
|
||||
BuildRequires: krb5-devel
|
||||
BuildRequires: libcap
|
||||
BuildRequires: libcap-devel
|
||||
@ -32,7 +32,7 @@ BuildRequires: update-desktop-files
|
||||
Summary: Domain Name System (DNS) Server (named)
|
||||
License: ISC
|
||||
Group: Productivity/Networking/DNS/Servers
|
||||
Version: 9.9.1P3
|
||||
Version: 9.9.2
|
||||
Release: 0
|
||||
Provides: bind8
|
||||
Provides: bind9
|
||||
|
Loading…
Reference in New Issue
Block a user