rpm/bind
SHA256
1
0
Fork 0
forked from pool/bind
Code Pull Requests Activity

- updated to 9.9.2

Browse Source 
https://kb.isc.org/article/AA-00798
  Security:
  * A deliberately constructed combination of records could cause
    named to hang while populating the additional section of a
    response. [CVE-2012-5166] [RT #31090]
  * Prevents a named assert (crash) when queried for a record whose
    RDATA exceeds 65535 bytes.  [CVE-2012-4244]  [RT #30416]
  * Prevents a named assert (crash) when validating caused by using "Bad
    cache" data before it has been initialized. [CVE-2012-3817]  [RT #30025]
  * A condition has been corrected where improper handling of zero-length
    RDATA could cause undesirable behavior, including termination of the
    named process. [CVE-2012-1667]  [RT #29644]
  * ISC_QUEUE handling for recursive clients was updated to address a race
    condition that could cause a memory leak. This rarely occurred with
    UDP clients, but could be a significant problem for a server handling
    a steady rate of TCP queries. [CVE-2012-3868]  [RT #29539 & #30233]
  New Features
  * Elliptic Curve Digital Signature Algorithm keys and signatures in
    DNSSEC are now supported per RFC 6605. [RT #21918]
  * Introduces a new tool "dnssec-checkds" command that checks a zone
    to determine which DS records should be published in the parent zone,
    or which DLV records should be published in a DLV zone, and queries
    the DNS to ensure that it exists. (Note: This tool depends on python;
    it will not be built or installed on systems that do not have a python
    interpreter.)  [RT #28099]
  * Introduces a new tool "dnssec-verify" that validates a signed zone,
    checking for the correctness of signatures and NSEC/NSEC3 chains.
    [RT #23673]
  * Adds configuration option "max-rsa-exponent-size <value>;" that can

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=100
This commit is contained in:
Marcus Meissner
2012-11-14 10:25:52 +00:00
committed by Git OBS Bridge
parent c9d0046524
commit d3e988aaee
4 changed files with 51 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
bind.changes
View File

@@ -1,3 +1,49 @@
-------------------------------------------------------------------
Wed Nov 14 10:24:42 UTC 2012 - meissner@suse.com
- updated to 9.9.2
https://kb.isc.org/article/AA-00798
Security:
* A deliberately constructed combination of records could cause
named to hang while populating the additional section of a
response. [CVE-2012-5166] [RT #31090]
* Prevents a named assert (crash) when queried for a record whose
RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416]
* Prevents a named assert (crash) when validating caused by using "Bad
cache" data before it has been initialized. [CVE-2012-3817] [RT #30025]
* A condition has been corrected where improper handling of zero-length
RDATA could cause undesirable behavior, including termination of the
named process. [CVE-2012-1667] [RT #29644]
* ISC_QUEUE handling for recursive clients was updated to address a race
condition that could cause a memory leak. This rarely occurred with
UDP clients, but could be a significant problem for a server handling
a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]
New Features
* Elliptic Curve Digital Signature Algorithm keys and signatures in
DNSSEC are now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-checkds" command that checks a zone
to determine which DS records should be published in the parent zone,
or which DLV records should be published in a DLV zone, and queries
the DNS to ensure that it exists. (Note: This tool depends on python;
it will not be built or installed on systems that do not have a python
interpreter.) [RT #28099]
* Introduces a new tool "dnssec-verify" that validates a signed zone,
checking for the correctness of signatures and NSEC/NSEC3 chains.
[RT #23673]
* Adds configuration option "max-rsa-exponent-size <value>;" that can
be used to specify the maximum rsa exponent size that will be accepted
when validating [RT #29228]
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492]
Lots of bugfixes.
-------------------------------------------------------------------
Fri Oct 19 12:11:55 UTC 2012 - meissner@suse.com