<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!--
- - Copyright (C) 2010, 2011 Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: RELEASE-NOTES-BIND-9.4-ESV.html,v 1.1.2.6 2011/05/24 00:16:01 tbox Exp $ -->
-
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" href="release-notes.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article"><div class="titlepage"><hr /></div>
- <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2601536"></a>Introduction</h2></div></div></div>
+ <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2691638"></a>Introduction</h2></div></div></div>
<p>
- BIND 9.4-ESV-R5 is a maintenance release for BIND 9.4-ESV.
+ BIND 9.4-ESV-R5rc1 is the first release
+ candidate of BIND 9.4-ESV-R5.
</p>
<p>
- This document summarizes changes from BIND 9.4-ESV-R4 to BIND 9.4-ESV-R5.
+ This document summarizes changes from BIND 9.4-ESV-R4 to BIND 9.4-ESV-R5rc1.
Please see the CHANGES file in the source code release for a
complete list of all changes.
</p>
</div>
- <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3468037"></a>Download</h2></div></div></div>
+ <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3558148"></a>Download</h2></div></div></div>
<p>
The latest release of BIND 9 software can always be found
on our web site at
- <a class="ulink" href="http://www.isc.org/software/bind" target="_top">http://www.isc.org/software/bind</a>.
+ <a class="ulink" href="http://www.isc.org/downloads/all" target="_top">http://www.isc.org/downloads/all</a>.
There you will find additional information about each release,
source code, and some pre-compiled versions for certain operating
systems.
</p>
</div>
- <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3468082"></a>Support</h2></div></div></div>
+ <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2691576"></a>Support</h2></div></div></div>
<p>Product support information is available on
<a class="ulink" href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
</p>
</div>
- <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3468026"></a>New Features</h2></div></div></div>
+ <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3558212"></a>New Features</h2></div></div></div>
- <div class="section" title="9.4-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id3468048"></a>9.4-ESV-R5</h3></div></div></div>
+ <div class="section" title="9.4-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3558218"></a>9.4-ESV-R5rc1</h3></div></div></div>
<p>None.</p>
</div>
</div>
- <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2601537"></a>Feature Changes</h2></div></div></div>
+ <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3558228"></a>Feature Changes</h2></div></div></div>
- <div class="section" title="9.4-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id3468141"></a>9.4-ESV-R5</h3></div></div></div>
+ <div class="section" title="9.4-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3558234"></a>9.4-ESV-R5rc1</h3></div></div></div>
<p>None.</p>
</div>
</div>
- <div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3468153"></a>Security Fixes</h2></div></div></div>
+ <div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3558244"></a>Security Fixes</h2></div></div></div>
- <div class="section" title="9.4-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id3468158"></a>9.4-ESV-R5</h3></div></div></div>
+ <div class="section" title="9.4-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3558250"></a>9.4-ESV-R5rc1</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled allows
for a TCP DoS attack. Until there is a kernel fix, ISC is disabling
SO_ACCEPTFILTER support in BIND. [RT #22589]
+</li><li class="listitem">
+named, set up to be a caching resolver, is vulnerable to a
+user querying a domain with very large resource record sets (RRSets)
+when trying to negatively cache the response. Due to an off-by-one
+error, caching the response could cause named to crash. [RT #24650]
+[CVE-2011-1910]
</li></ul></div>
</div>
</div>
- <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3468175"></a>Bug Fixes</h2></div></div></div>
+ <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3558275"></a>Bug Fixes</h2></div></div></div>
- <div class="section" title="9.4-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id3468180"></a>9.4-ESV-R5</h3></div></div></div>
+ <div class="section" title="9.4-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3558280"></a>9.4-ESV-R5rc1</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
During RFC5011 processing some journal write errors were not detected.
The autosign tests attempted to open ports within reserved ranges. Test
now avoids those ports.
[RT #23957]
+</li><li class="listitem">
+Named could fail to validate zones list in a DLV that validated insecure
+without using DLV and had DS records in the parent zone. [RT #24631]
</li></ul></div>
</div>
</div>
- <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3468296"></a>Thank You</h2></div></div></div>
+ <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3558396"></a>Thank You</h2></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
Introduction
- BIND 9.4-ESV-R5 is a maintenance release for BIND 9.4-ESV.
+ BIND 9.4-ESV-R5rc1 is the first release candidate of BIND 9.4-ESV-R5.
This document summarizes changes from BIND 9.4-ESV-R4 to BIND
- 9.4-ESV-R5. Please see the CHANGES file in the source code release for
- a complete list of all changes.
+ 9.4-ESV-R5rc1. Please see the CHANGES file in the source code release
+ for a complete list of all changes.
Download
The latest release of BIND 9 software can always be found on our web
- site at http://www.isc.org/software/bind. There you will find
+ site at http://www.isc.org/downloads/all. There you will find
additional information about each release, source code, and some
pre-compiled versions for certain operating systems.
New Features
-9.4-ESV-R5
+9.4-ESV-R5rc1
None.
Feature Changes
-9.4-ESV-R5
+9.4-ESV-R5rc1
None.
Security Fixes
-9.4-ESV-R5
+9.4-ESV-R5rc1
* A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
allows for a TCP DoS attack. Until there is a kernel fix, ISC is
disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
+ * named, set up to be a caching resolver, is vulnerable to a user
+ querying a domain with very large resource record sets (RRSets)
+ when trying to negatively cache the response. Due to an off-by-one
+ error, caching the response could cause named to crash. [RT #24650]
+ [CVE-2011-1910]
Bug Fixes
-9.4-ESV-R5
+9.4-ESV-R5rc1
* During RFC5011 processing some journal write errors were not
detected. This could lead to managed-keys changes being committed
setup.sh in order to resolve changing named.conf issue. [RT #23687]
* The autosign tests attempted to open ports within reserved ranges.
Test now avoids those ports. [RT #23957]
+ * Named could fail to validate zones list in a DLV that validated
+ insecure without using DLV and had DS records in the parent zone.
+ [RT #24631]
Thank You
projects / thirdparty / bind9.git / commitdiff
