bind-9.10.3-P3 (bind9.10.3-P3) and BIND Utilities-9.10.3-P3
Reported by: Fernando de Oliveira
Owned by: Fernando de Oliveira
This is a security update
CVE-2015-3193 (OpenSSL) CVE-2015-8000 CVE-2015-8461 CVE-2015-8704 CVE-2015-8705
Release Notes for BIND Version 9.10.3-P3

Introduction

This document summarizes changes since BIND 9.10.3:

• BIND 9.10.3-P3 addresses the security issues described in CVE-2015-8704 and CVE-2015-8705. It also fixes a serious regression in authoritative server selection that was introduced in BIND 9.10.3.
• BIND 9.10.3-P2 addresses the security issues described in CVE-2015-3193 (OpenSSL), CVE-2015-8000 and CVE-2015-8461.
• BIND 9.10.3-P1 was incomplete and was withdrawn prior to publication.

Security Fixes

• Specific APL data could trigger an INSIST. This flaw was discovered by Brian Mitchell and is disclosed in CVE-2015-8704. [RT #41396]
• Certain errors that could be encountered when printing out or logging an OPT record containing a CLIENT-SUBNET option could be mishandled, resulting in an assertion failure. This flaw was discovered by Brian Mitchell and is disclosed in CVE-2015-8705. [RT #41397]
• Named is potentially vulnerable to the OpenSSL vulnerability described in CVE-2015-3193.
• Insufficient testing when parsing a message allowed records with an incorrect class to be accepted, triggering a REQUIRE failure when those records were subsequently cached. This flaw is disclosed in CVE-2015-8000. [RT #40987]
• Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing a lookup. This flaw is disclosed in CVE-2015-8461. [RT #40945]

New Features

• None.

Feature Changes

• Updated the compiled in addresses for H.ROOT-SERVERS.NET.

Bug Fixes

• Authoritative servers that were marked as bogus (e.g. blackholed in configuration or with invalid addresses) were being queried anyway. [RT #41321]

End of Life

The end of life for BIND 9.10 is yet to be determined but will not be before BIND 9.12.0 has been released for 6 months. https://www.isc.org/downloads/software-support-policy/