Diffstat (limited to 'doc/arm/notes.xml')
-rw-r--r-- | doc/arm/notes.xml | 42 |
1 files changed, 30 insertions, 12 deletions
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index af0de21d5d226..0e7d95fdd4360 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="utf-8"?> <!-- - - Copyright (C) 2014, 2015 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -23,6 +23,10 @@ This document summarizes changes since BIND 9.9.8: </para> <para> + BIND 9.9.8-P4 addresses the security issues described in + CVE-2016-1285 and CVE-2016-1286. + </para> + <para> BIND 9.9.8-P3 addresses the security issue described in CVE-2015-8704. It also fixes a serious regression in authoritative server selection that was introduced in 9.9.8. 
@@ -51,24 +55,28 @@ <itemizedlist> <listitem> <para> - Specific APL data could trigger an INSIST. This flaw - was discovered by Brian Mitchell and is disclosed in - CVE-2015-8704. [RT #41396] + The resolver could abort with an assertion failure due to + improper DNAME handling when parsing fetch reply + messages. This flaw is disclosed in CVE-2016-1286. [RT #41753] </para> </listitem> <listitem> <para> - Named is potentially vulnerable to the OpenSSL vulnerabilty - described in CVE-2015-3193. + Malformed control messages can trigger assertions in named + and rndc. This flaw is disclosed in CVE-2016-1285. [RT + #41666] </para> </listitem> <listitem> <para> - Insufficient testing when parsing a message allowed - records with an incorrect class to be be accepted, - triggering a REQUIRE failure when those records - were subsequently cached. This flaw is disclosed - in CVE-2015-8000. [RT #40987] + Specific APL data could trigger an INSIST. This flaw + is disclosed in CVE-2015-8704. [RT #41396] + </para> + </listitem> + <listitem> + <para> + Named is potentially vulnerable to the OpenSSL vulnerability + described in CVE-2015-3193. </para> </listitem> <listitem> @@ -78,6 +86,15 @@ lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945] </para> </listitem> + <listitem> + <para> + Insufficient testing when parsing a message allowed + records with an incorrect class to be be accepted, + triggering a REQUIRE failure when those records + were subsequently cached. This flaw is disclosed + in CVE-2015-8000. [RT #40987] + </para> + </listitem> </itemizedlist> </sect2> <sect2 id="relnotes_features"> @@ -113,7 +130,8 @@ <sect2 id="end_of_life"> <title>End of Life</title> <para> - The BIND 9.9 (Extended Support Version) will be supported until June, 2017. + The BIND 9.9 (Extended Support Version) will be supported until + December, 2017. <ulink url="https://www.isc.org/downloads/software-support-policy/" >https://www.isc.org/downloads/software-support-policy/</ulink> </para> |
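Review bot: In the hunk at @@ -51,24 +55,28 @@, the re-added APL entry for CVE-2015-8704 loses the credit "was discovered by Brian Mitchell" that the removed version carried. If the credit is being dropped on purpose, say so in the commit message; otherwise restore it so the entry again reads "This flaw was discovered by Brian Mitchell and is disclosed in CVE-2015-8704."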
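Review bot: In the hunk at @@ -78,6 +86,15 @@, the relocated CVE-2015-8000 entry still reads "to be be accepted". This patch already corrects "vulnerabilty" in the OpenSSL entry, so the doubled word should be fixed in the same pass. The context line just above the added entry also has "[RT#40945]" without the space that the other ticket references use, such as "[RT #40987]".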
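Review bot: In the hunk at @@ -113,7 +130,8 @@, the End of Life date moves from "June, 2017" to "December, 2017" in the same change as the CVE-2016-1285 and CVE-2016-1286 entries, and nothing in the visible lines explains why. Confirm the new date matches the support policy page linked in that paragraph, and consider splitting it into its own commit so the security notes and the support-window change can be tracked separately.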