summaryrefslogtreecommitdiff
path: root/doc/arm/Bv9ARM.ch09.html
diff options
context:
space:
mode:
Diffstat (limited to 'doc/arm/Bv9ARM.ch09.html')
-rw-r--r--doc/arm/Bv9ARM.ch09.html32
1 files changed, 23 insertions, 9 deletions
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index d1f0328b099c8..3511016ed7d63 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -45,7 +45,7 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2563593">Release Notes for BIND Version 9.9.8-P2</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2563593">Release Notes for BIND Version 9.9.8-P3</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -60,7 +60,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2563593"></a>Release Notes for BIND Version 9.9.8-P2</h2></div></div></div>
+<a name="id2563593"></a>Release Notes for BIND Version 9.9.8-P3</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
@@ -68,6 +68,11 @@
This document summarizes changes since BIND 9.9.8:
</p>
<p>
+ BIND 9.9.8-P3 addresses the security issue described in CVE-2015-8704.
+ It also fixes a serious regression in authoritative server selection
+ that was introduced in 9.9.8.
+ </p>
+<p>
BIND 9.9.8-P2 addresses security issues described in CVE-2015-3193
(OpenSSL), CVE-2015-8000 and CVE-2015-8461.
</p>
@@ -91,13 +96,13 @@
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
- Named is potentially vulnerable to the OpenSSL vulnerabilty
- described in CVE-2015-3193.
+ Specific APL data could trigger an INSIST. This flaw
+ was discovered by Brian Mitchell and is disclosed in
+ CVE-2015-8704. [RT #41396]
</p></li>
<li><p>
- Incorrect reference counting could result in an INSIST
- failure if a socket error occurred while performing a
- lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945]
+ Named is potentially vulnerable to the OpenSSL vulnerabilty
+ described in CVE-2015-3193.
</p></li>
<li><p>
Insufficient testing when parsing a message allowed
@@ -106,6 +111,11 @@
were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #40987]
</p></li>
+<li><p>
+ Incorrect reference counting could result in an INSIST
+ failure if a socket error occurred while performing a
+ lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945]
+ </p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
@@ -123,7 +133,11 @@
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
-<div class="itemizedlist"><ul type="disc"><li><p>None</p></li></ul></div>
+<div class="itemizedlist"><ul type="disc"><li><p>
+ Authoritative servers that were marked as bogus (e.g. blackholed
+ in configuration or with invalid addresses) were being queried
+ anyway. [RT #41321]
+ </p></li></ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
@@ -163,6 +177,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P2 (Extended Support Version)</p>
+<p style="text-align: center;">BIND 9.9.8-P3 (Extended Support Version)</p>
</body>
</html>