| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
and improvements
See RELEASE-NOTES-BIND-9.4-ESV.* for details
This is expected to be the final release of the BIND 9.4 branch
Notes:
svn path=/stable/7/; revision=224601
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to version 9.4-ESV-R4, the latest from ISC, which addresses
the following security vulnerabilities.
For more information regarding these issues please see:
http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories
1. Cache incorrectly allows ncache and rrsig for the same type
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
Affects resolver operators whose servers are open to potential
attackers. Triggering the bug will cause the server to crash.
This bug applies even if you do not have DNSSEC enabled.
2. Key algorithm rollover
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
Affects resolver operators who are validating with DNSSEC, and
querying zones which are in a key rollover period. The bug will
cause answers to incorrectly be marked as insecure.
Approved by: re (kib)
Notes:
svn path=/stable/7/; revision=216336
|
| |
|
|
|
|
|
|
| |
This version contains several fixes for DNSSEC and DLV, as well as
fixes relevant to any resolving name server.
Notes:
svn path=/stable/7/; revision=214812
|
| |
|
|
|
|
|
|
| |
Named could return SERVFAIL for negative responses
from unsigned zones.
Notes:
svn path=/stable/7/; revision=208485
|
| |
|
|
|
|
|
|
|
|
|
| |
the problems related to the handling of broken DNSSEC trust chains.
This fix is only relevant for those who have DNSSEC validation
enabled and configure trust anchors from third parties, either
manually, or through a system like DLV.
Notes:
svn path=/stable/7/; revision=205868
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fixes since the release of 9.4.3, including the most recent -P5 security
fix detailed below.
From the README:
BIND 9.4-ESV will be supported until December 31, 2010, at
which time you will need to upgrade to the current release
of BIND.
This versions address the following vulnerabilities:
BIND 9 Cache Update from Additional Section
https://www.isc.org/advisories/CVE-2009-4022v6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
A nameserver with DNSSEC validation enabled may incorrectly add
unauthenticated records to its cache that are received during the
resolution of a recursive client query
BIND 9 DNSSEC validation code could cause bogus NXDOMAIN responses
https://www.isc.org/advisories/CVE-2010-0097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
There was an error in the DNSSEC NSEC/NSEC3 validation code that could
cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records
proven by NSEC or NSEC3 to exist) to be cached as if they had validated
correctly
These issues only affect systems with DNSSEC validation enabled.
Approved by: re (kensmith)
Notes:
svn path=/stable/7/; revision=203948
|
| |
|
|
|
|
|
| |
Approved by: re (kensmith)
Notes:
svn path=/stable/7/; revision=174398
|
| |
|
|
|
|
|
| |
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=170226
|
| |
|
|
| |
Notes:
svn path=/vendor/bind9/dist/; revision=170222
|
| |
|
|
|
|
|
| |
in BIND 9.3.2 that were mistakenly removed from HEAD.
Notes:
svn path=/vendor/bind9/dist/; revision=154334
|
| |
|
|
| |
Notes:
svn path=/vendor/bind9/dist/; revision=153816
|
|
|
Notes:
svn path=/vendor/bind9/dist/; revision=135446
|
