diff --git a/README b/README index 153a4531a8..781bb2d468 100644 --- a/README +++ b/README @@ -103,8 +103,8 @@ BIND 9.11.0 to be added. This can be disabled with "check-names no". This release addresses the security flaws described in - CVE-2014-3214, CVE-2014-3859, CVE-2014-8500, CVE-2014-8680 and - CVE-2015-1349. + CVE-2014-3214, CVE-2014-3859, CVE-2014-8500, CVE-2014-8680, + CVE-2015-1349 and CVE-2015-5477. BIND 9.10.0 diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 1270c61a54..2804119818 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -38,16 +38,26 @@ Security Fixes + + + A specially crafted query could trigger an assertion failure + in message.c. + + + This flaw was discovered by Jonathan Foote, and is disclosed + in CVE-2015-5477. [RT #39795] + + On servers configured to perform DNSSEC validation, an assertion failure could be triggered on answers from a specially configured server. - + This flaw was discovered by Breno Silveira Soares, and is disclosed in CVE-2015-4620. [RT #39795] - + @@ -122,7 +132,7 @@ vehicle for such an attack. - + limits the number of simultaneous queries that can be sent to any single @@ -133,7 +143,7 @@ option. - + limits the number of simultaneous queries that can be sent for names within a @@ -160,7 +170,7 @@ >http://localhost:8888/xml/v3/traffic or http://localhost:8888/json/v1/traffic. + >http://localhost:8888/json/v1/traffic. @@ -665,10 +675,10 @@ - + Built-in "empty" zones did not correctly inherit the "allow-transfer" ACL from the options or view. [RT #38310] - + @@ -707,7 +717,7 @@ Several bugs have been fixed in the RPZ implementation: - + Policy zones that did not specifically require recursion could be treated as if they did; consequently, setting