|Reported by:||Fernando de Oliveira||Owned by:||Igor Živković|
... Security Fixes Prevents named from crashing with an INSIST failure when certain queries are made against an NSEC3-signed zone. (CVE-2014-0591) [RT #35120] Treat an all zero netmask as invalid when generating the localnets acl. A Winsock library call on some Windows systems can return an incorrect value for an interface's netmask, potentially causing unexpected matches to BIND's built-in "localnets" Access Control List. (CVE-2013-6230) [RT #34687] Previously an error in bounds checking on the private type 'keydata' could be used to deny service through a deliberately triggerable REQUIRE failure (CVE-2013-4854). [RT #34238] Prevents exploitation of a runtime_check which can crash named when satisfying a recursive query for particular malformed zones. (CVE-2013-3919) [RT #33690] New Features Added Response Rate Limiting (RRL) functionality to reduce the effectiveness of DNS as an amplifier for reflected denial-of-service attacks by rate-limiting substantially-identical responses. [RT #28130] Feature Changes rndc status now also shows the build-id. [RT #20422] ...
Change History (3)
Note: See TracTickets for help on using tickets.