From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] bind: bump version to 9.11.0-P5 (security)
Date: Mon, 24 Apr 2017 21:25:11 +0200
Message-ID: <871sshwqug.fsf@dell.be.48ers.dk>
In-Reply-To: <20170413133209.36781-1-Vincent.Riera@imgtec.com> (Vicente Olivert Riera's message of "Thu, 13 Apr 2017 14:32:09 +0100")

>>>>> "Vicente" == Vicente Olivert Riera <Vincent.Riera@imgtec.com> writes:

 > Security Fixes:
 >  - rndc "" could trigger an assertion failure in named. This flaw is
 >    disclosed in (CVE-2017-3138). [RT #44924]
 >  - Some chaining (i.e., type CNAME or DNAME) responses to upstream
 >    queries could trigger assertion failures. This flaw is disclosed in
 >    CVE-2017-3137. [RT #44734]
 >  - dns64 with break-dnssec yes; can result in an assertion failure. This
 >    flaw is disclosed in CVE-2017-3136. [RT #44653]
 >  - If a server is configured with a response policy zone (RPZ) that
 >    rewrites an answer with local data, and is also configured for DNS64
 >    address mapping, a NULL pointer can be read triggering a server
 >    crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
 >  - A coding error in the nxdomain-redirect feature could lead to an
 >    assertion failure if the redirection namespace was served from a
 >    local authoritative data source such as a local zone or a DLZ instead
 >    of via recursive lookup. This flaw is disclosed in CVE-2016-9778.
 >    [RT #43837]
 >  - named could mishandle authority sections with missing RRSIGs,
 >    triggering an assertion failure. This flaw is disclosed in
 >    CVE-2016-9444. [RT #43632]
 >  - named mishandled some responses where covering RRSIG records were
 >    returned without the requested data, resulting in an assertion
 >    failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
 >  - named incorrectly tried to cache TKEY records which could trigger an
 >    assertion failure when there was a class mismatch. This flaw is
 >    disclosed in CVE-2016-9131. [RT #43522]
 >  - It was possible to trigger assertions when processing responses
 >    containing answers of type DNAME. This flaw is disclosed in
 >    CVE-2016-8864. [RT #43465]

 > Full release notes:

 >   ftp://ftp.isc.org/isc/bind9/9.11.0-P5/RELEASE-NOTES-bind-9.11.0-P5.html

 > Also, remove --enable-rrl configure option from bind.mk as it doesn't
 > exist anymore.

 > Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>

Committed to 2017.02.x, thanks.

-- 
Bye, Peter Korsgaard
