mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 06:55:30 +00:00
Code Issues Releases Wiki Activity

add CVE-2015-5477

Browse Source
This commit is contained in:
Mark Andrews
2015-07-15 07:51:06 +10:00
parent 13c55f6a60
commit c5eb9add52
2 changed files with 20 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README
View File

@@ -103,8 +103,8 @@ BIND 9.11.0
to be added. This can be disabled with "check-names no". to be added. This can be disabled with "check-names no".
This release addresses the security flaws described in This release addresses the security flaws described in
CVE-2014-3214, CVE-2014-3859, CVE-2014-8500, CVE-2014-8680 and CVE-2014-3214, CVE-2014-3859, CVE-2014-8500, CVE-2014-8680,
CVE-2015-1349. CVE-2015-1349 and CVE-2015-5477.
BIND 9.10.0 BIND 9.10.0

26
doc/arm/notes.xml
View File

@@ -38,16 +38,26 @@
<sect2 id="relnotes_security"> <sect2 id="relnotes_security">
<title>Security Fixes</title> <title>Security Fixes</title>
<itemizedlist> <itemizedlist>
<listitem>
<para>
A specially crafted query could trigger an assertion failure
in message.c.
</para>
<para>
This flaw was discovered by Jonathan Foote, and is disclosed
in CVE-2015-5477. [RT #39795]
</para>
</listitem>
<listitem> <listitem>
<para> <para>
On servers configured to perform DNSSEC validation, an On servers configured to perform DNSSEC validation, an
assertion failure could be triggered on answers from assertion failure could be triggered on answers from
a specially configured server. a specially configured server.
</para> </para>
<para> <para>
This flaw was discovered by Breno Silveira Soares, and is This flaw was discovered by Breno Silveira Soares, and is
disclosed in CVE-2015-4620. [RT #39795] disclosed in CVE-2015-4620. [RT #39795]
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
@@ -122,7 +132,7 @@
vehicle for such an attack. vehicle for such an attack.
</para> </para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
<option>fetches-per-server</option> limits the number of <option>fetches-per-server</option> limits the number of
simultaneous queries that can be sent to any single simultaneous queries that can be sent to any single
@@ -133,7 +143,7 @@
<option>fetch-quota-params</option> option. <option>fetch-quota-params</option> option.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<option>fetches-per-zone</option> limits the number of <option>fetches-per-zone</option> limits the number of
simultaneous queries that can be sent for names within a simultaneous queries that can be sent for names within a
@@ -160,7 +170,7 @@
>http://localhost:8888/xml/v3/traffic</ulink> >http://localhost:8888/xml/v3/traffic</ulink>
or or
<ulink url="http://localhost:8888/json/v1/traffic" <ulink url="http://localhost:8888/json/v1/traffic"
>http://localhost:8888/json/v1/traffic</ulink>. >http://localhost:8888/json/v1/traffic</ulink>.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@@ -665,10 +675,10 @@
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
Built-in "empty" zones did not correctly inherit the Built-in "empty" zones did not correctly inherit the
"allow-transfer" ACL from the options or view. [RT #38310] "allow-transfer" ACL from the options or view. [RT #38310]
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
@@ -707,7 +717,7 @@
Several bugs have been fixed in the RPZ implementation: Several bugs have been fixed in the RPZ implementation:
</para> </para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
Policy zones that did not specifically require recursion Policy zones that did not specifically require recursion
could be treated as if they did; consequently, setting could be treated as if they did; consequently, setting