Diffstat (limited to 'doc/arm/notes.xml')
-rw-r--r-- doc/arm/notes.xml 42
1 files changed, 30 insertions, 12 deletions
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index af0de21d5d226..0e7d95fdd4360 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
- - Copyright (C) 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -23,6 +23,10 @@
This document summarizes changes since BIND 9.9.8:
</para>
<para>
+ BIND 9.9.8-P4 addresses the security issues described in
+ CVE-2016-1285 and CVE-2016-1286.
+ </para>
+ <para>
BIND 9.9.8-P3 addresses the security issue described in CVE-2015-8704.
It also fixes a serious regression in authoritative server selection
that was introduced in 9.9.8.
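Review bot: the added 9.9.8-P4 paragraph names CVE-2016-1285 and CVE-2016-1286 but gives no hint of what they affect, so a reader has to scroll to the security fixes list to judge urgency. Consider a short phrase taken from the entries added further down in this patch, for example that both are assertion failures, one in control message handling in named and rndc and one in DNAME handling in the resolver.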
@@ -51,24 +55,28 @@
<itemizedlist>
<listitem>
<para>
- Specific APL data could trigger an INSIST. This flaw
- was discovered by Brian Mitchell and is disclosed in
- CVE-2015-8704. [RT #41396]
+ The resolver could abort with an assertion failure due to
+ improper DNAME handling when parsing fetch reply
+ messages. This flaw is disclosed in CVE-2016-1286. [RT #41753]
</para>
</listitem>
<listitem>
<para>
- Named is potentially vulnerable to the OpenSSL vulnerabilty
- described in CVE-2015-3193.
+ Malformed control messages can trigger assertions in named
+ and rndc. This flaw is disclosed in CVE-2016-1285. [RT
+ #41666]
</para>
</listitem>
<listitem>
<para>
- Insufficient testing when parsing a message allowed
- records with an incorrect class to be be accepted,
- triggering a REQUIRE failure when those records
- were subsequently cached. This flaw is disclosed
- in CVE-2015-8000. [RT #40987]
+ Specific APL data could trigger an INSIST. This flaw
+ is disclosed in CVE-2015-8704. [RT #41396]
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Named is potentially vulnerable to the OpenSSL vulnerability
+ described in CVE-2015-3193.
</para>
</listitem>
<listitem>
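Review bot: the relocated CVE-2015-8704 entry drops the credit "was discovered by Brian Mitchell" that the removed version carried; if that is not intentional, restore the attribution when moving the paragraph. In the new CVE-2016-1285 entry the ticket reference is wrapped as "[RT" and "#41666]" on separate lines, which makes it harder to search for than the other entries; keep "[RT #41666]" on one line.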
@@ -78,6 +86,15 @@
lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945]
</para>
</listitem>
+ <listitem>
+ <para>
+ Insufficient testing when parsing a message allowed
+ records with an incorrect class to be be accepted,
+ triggering a REQUIRE failure when those records
+ were subsequently cached. This flaw is disclosed
+ in CVE-2015-8000. [RT #40987]
+ </para>
+ </listitem>
</itemizedlist>
</sect2>
<sect2 id="relnotes_features">
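Review bot: the re-added CVE-2015-8000 paragraph still reads "to be be accepted"; since the entry is being rewritten in this patch anyway, and the same patch already corrects "vulnerabilty" in the OpenSSL entry, drop the duplicated "be" here as well.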
@@ -113,7 +130,8 @@
<sect2 id="end_of_life">
<title>End of Life</title>
<para>
- The BIND 9.9 (Extended Support Version) will be supported until June, 2017.
+ The BIND 9.9 (Extended Support Version) will be supported until
+ December, 2017.
<ulink url="https://www.isc.org/downloads/software-support-policy/"
>https://www.isc.org/downloads/software-support-policy/</ulink>
</para>
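Review bot: the End of Life date changes from "June, 2017" to "December, 2017" in a patch that is otherwise about the 9.9.8-P4 security entries; confirm the new date matches the support policy page linked directly below it, and consider making this a separate change so that an extension of the supported lifetime is not overlooked among the CVE notes.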