bind-9.10.3-P2 (bind9.10.3-P2) and BIND Utilities-9.10.3-P2

[Fernando de Oliveira]

This is a security update

CVE-2015-3193 (OpenSSL)
CVE-2015-8000
CVE-2015-8461

​ftp://ftp.isc.org/isc/bind9/9.10.3-P2/bind-9.10.3-P2.tar.gz

​ftp://ftp.isc.org/isc/bind9/9.10.3-P2/bind-9.10.3-P2.tar.gz.sha512.asc

​ftp://ftp.isc.org/isc/bind9/9.10.3-P2/CHANGES

​ftp://ftp.isc.org/isc/bind9/9.10.3-P2/RELEASE-NOTES-9.10.3-P2.txt

Release Notes for BIND Version 9.10.3-P2

Introduction

This document summarizes changes since BIND 9.10.3:

BIND 9.10.3-P2 addresses the security issues described in CVE-2015-3193
(OpenSSL), CVE-2015-8000 and CVE-2015-8461.

BIND 9.10.3-P1 was incomplete and was withdrawn prior to publication.

Security Fixes

  • Named is potentially vulnerable to the OpenSSL vulnerabilty
    described in CVE-2015-3193.

  • Incorrect reference counting could result in an INSIST failure if a
    socket error occurred while performing a lookup. This flaw is
    disclosed in CVE-2015-8461. [RT#40945]

  • Insufficient testing when parsing a message allowed records with an
    incorrect class to be be accepted, triggering a REQUIRE failure when
    those records were subsequently cached. This flaw is disclosed in
    CVE-2015-8000. [RT #40987]

New Features

  • None. 

Feature Changes

  • Updated the compiled in addresses for H.ROOT-SERVERS.NET. 

Bug Fixes

  • None. 

End of Life

The end of life for BIND 9.10 is yet to be determined but will not be
before BIND 9.12.0 has been released for 6 months.
https://www.isc.org/downloads/software-support-policy/

[Fernando de Oliveira]

Fixed at r16739.