id summary reporter owner description type status priority milestone component version severity resolution keywords cc 4558 BIND 9.9.4-P2 Fernando de Oliveira Igor Živković "[ftp://ftp.isc.org/isc/bind9/9.9.4-P2] {{{ ... Security Fixes Prevents named from crashing with an INSIST failure when certain queries are made against an NSEC3-signed zone. (CVE-2014-0591) [RT #35120] Treat an all zero netmask as invalid when generating the localnets acl. A Winsock library call on some Windows systems can return an incorrect value for an interface's netmask, potentially causing unexpected matches to BIND's built-in ""localnets"" Access Control List. (CVE-2013-6230) [RT #34687] Previously an error in bounds checking on the private type 'keydata' could be used to deny service through a deliberately triggerable REQUIRE failure (CVE-2013-4854). [RT #34238] Prevents exploitation of a runtime_check which can crash named when satisfying a recursive query for particular malformed zones. (CVE-2013-3919) [RT #33690] New Features Added Response Rate Limiting (RRL) functionality to reduce the effectiveness of DNS as an amplifier for reflected denial-of-service attacks by rate-limiting substantially-identical responses. [RT #28130] Feature Changes rndc status now also shows the build-id. [RT #20422] ... }}} " enhancement closed normal BOOK SVN normal fixed