BIND 9.9.4-P2
ftp://ftp.isc.org/isc/bind9/9.9.4-P2
...
Security Fixes
Prevents named from crashing with an INSIST failure when certain
queries are made against an NSEC3-signed zone. (CVE-2014-0591)
[RT #35120]
Treat an all zero netmask as invalid when generating the localnets
acl. A Winsock library call on some Windows systems can return
an incorrect value for an interface's netmask, potentially
causing unexpected matches to BIND's built-in "localnets" Access
Control List. (CVE-2013-6230) [RT #34687]
Previously an error in bounds checking on the private type
'keydata' could be used to deny service through a deliberately
triggerable REQUIRE failure (CVE-2013-4854). [RT #34238]
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
New Features
Added Response Rate Limiting (RRL) functionality to reduce the
effectiveness of DNS as an amplifier for reflected denial-of-service
attacks by rate-limiting substantially-identical responses. [RT
#28130]
Feature Changes
rndc status now also shows the build-id. [RT #20422]
...
Change History
(3)
| Owner: |
changed from blfs-book@… to Igor Živković
|
| Status: |
new → assigned
|
| Resolution: |
→ fixed
|
| Status: |
assigned → closed
|
Fixed at r12619.