Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#4558 closed enhancement (fixed)

BIND 9.9.4-P2

Reported by: Fernando de Oliveira Owned by: Igor Živković
Priority: normal Milestone:
Component: BOOK Version: SVN
Severity: normal Keywords:



Security Fixes

   Prevents named from crashing with an INSIST failure when certain
   queries are made against an NSEC3-signed zone. (CVE-2014-0591)
   [RT #35120]

   Treat an all zero netmask as invalid when generating the localnets
   acl. A Winsock library call on some Windows systems can return
   an incorrect value for an interface's netmask, potentially
   causing unexpected matches to BIND's built-in "localnets" Access
   Control List. (CVE-2013-6230) [RT #34687]

   Previously an error in bounds checking on the private type
   'keydata' could be used to deny service through a deliberately
   triggerable REQUIRE failure (CVE-2013-4854).  [RT #34238]

   Prevents exploitation of a runtime_check which can crash named
   when satisfying a recursive query for particular malformed zones.
   (CVE-2013-3919) [RT #33690]

New Features

   Added Response Rate Limiting (RRL) functionality to reduce the
   effectiveness of DNS as an amplifier for reflected denial-of-service
   attacks by rate-limiting substantially-identical responses. [RT

Feature Changes

   rndc status now also shows the build-id. [RT #20422]

Change History (3)

comment:1 by Igor Živković, 9 years ago

Owner: changed from blfs-book@… to Igor Živković
Status: newassigned

comment:2 by Igor Živković, 9 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r12619.

comment:3 by bdubbs@…, 9 years ago

Milestone: current

Milestone current deleted

Note: See TracTickets for help on using tickets.