<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!--
- - Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: RELEASE-NOTES-BIND-9.6-ESV.html,v 1.1.24.5 2011/05/31 00:51:09 tbox Exp $ -->
-
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" href="release-notes.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article"><div class="titlepage"><hr /></div>
- <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2871687"></a>Introduction</h2></div></div></div>
+ <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id1397648"></a>Introduction</h2></div></div></div>
<p>
BIND 9.6-ESV-R5rc1 is the first release
</p>
</div>
- <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3738187"></a>Download</h2></div></div></div>
+ <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id1397612"></a>Download</h2></div></div></div>
<p>
The latest release of BIND 9 software can always be found
</p>
</div>
- <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3738232"></a>Support</h2></div></div></div>
+ <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id1397703"></a>Support</h2></div></div></div>
<p>Product support information is available on
<a class="ulink" href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
</p>
</div>
- <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3738176"></a>New Features</h2></div></div></div>
+ <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id1397838"></a>New Features</h2></div></div></div>
- <div class="section" title="9.6-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3738244"></a>9.6-ESV-R5rc1</h3></div></div></div>
+ <div class="section" title="9.6-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id1397843"></a>9.6-ESV-R5rc1</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Added a tool able to generate malformed packets to allow testing
</div>
</div>
- <div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2871698"></a>Security Fixes</h2></div></div></div>
+ <div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id1397763"></a>Security Fixes</h2></div></div></div>
- <div class="section" title="9.7.4rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3738297"></a>9.7.4rc1</h3></div></div></div>
+ <div class="section" title="9.6-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id1397821"></a>9.6-ESV-R5rc1</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+Change #2912 (see CHANGES) exposed a latent bug in the DNS message
+processing code that could allow certain UPDATE requests to crash named.
+[RT #24777] [CVE-2011-2464]
+</li><li class="listitem">
named, set up to be a caching resolver, is vulnerable to a
user querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
</div>
</div>
- <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3738316"></a>Feature Changes</h2></div></div></div>
+ <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id1397866"></a>Feature Changes</h2></div></div></div>
- <div class="section" title="9.6-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3738321"></a>9.6-ESV-R5rc1</h3></div></div></div>
+ <div class="section" title="9.6-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id1397871"></a>9.6-ESV-R5rc1</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Merged in the NetBSD ATF test framework (currently
</div>
</div>
- <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3738348"></a>Bug Fixes</h2></div></div></div>
+ <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id1397893"></a>Bug Fixes</h2></div></div></div>
- <div class="section" title="9.6-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3738353"></a>9.6-ESV-R5rc1</h3></div></div></div>
+ <div class="section" title="9.6-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id1397899"></a>9.6-ESV-R5rc1</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+Improved the mechanism for flagging database entries as negative
+cache records; the former method, RR type 0, could be ambiguous.
+[RT #24777]
+</li><li class="listitem">
During RFC5011 processing some journal write errors were not detected.
This could lead to managed-keys changes being committed but not
recorded in the journal files, causing potential inconsistencies
</div>
</div>
- <div class="section" title="Known issues in this release"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3738363"></a>Known issues in this release</h2></div></div></div>
+ <div class="section" title="Known issues in this release"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id1398060"></a>Known issues in this release</h2></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
<p>
</li></ul></div>
</div>
- <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3738597"></a>Thank You</h2></div></div></div>
+ <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id1398098"></a>Thank You</h2></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
Security Fixes
-9.7.4rc1
+9.6-ESV-R5rc1
+ * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
+ processing code that could allow certain UPDATE requests to crash
+ named. [RT #24777] [CVE-2011-2464]
* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
9.6-ESV-R5rc1
+ * Improved the mechanism for flagging database entries as negative
+ cache records; the former method, RR type 0, could be ambiguous.
+ [RT #24777]
* During RFC5011 processing some journal write errors were not
detected. This could lead to managed-keys changes being committed
but not recorded in the journal files, causing potential
<?xml version="1.0" encoding="UTF-8"?>
-<!--
- - Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: RELEASE-NOTES-BIND-9.6-ESV.xml,v 1.1.2.4 2011/05/31 00:51:10 tbox Exp $ -->
-
<article xmlns="http://docbook.org/ns/docbook"
xmlns:xl="http://www.w3.org/1999/xlink" version="5.0">
<section>
<title>Introduction</title>
<para>
- BIND 9.6-ESV-R5 is a maintenance release for BIND 9.6-ESV.
+ BIND 9.6-ESV-R5rc1 is the first release
+ candidate of BIND 9.6-ESV-R5.
</para>
<para>
- This document summarizes changes from BIND 9.6-ESV-R4 to BIND 9.6-ESV-R5.
+ This document summarizes changes from BIND 9.6-ESV-R4 to BIND 9.6-ESV-R5rc1.
Please see the CHANGES file in the source code release for a
complete list of all changes.
</para>
<para>
The latest release of BIND 9 software can always be found
on our web site at
- <link xl:href="http://www.isc.org/software/bind">http://www.isc.org/software/bind</link>.
+ <link xl:href="http://www.isc.org/downloads/all">http://www.isc.org/downloads/all</link>.
There you will find additional information about each release,
source code, and some pre-compiled versions for certain operating
systems.
<section>
<title>New Features</title>
<section>
- <title>9.6-ESV-R5</title>
+ <title>9.6-ESV-R5rc1</title>
<itemizedlist>
<listitem>
Added a tool able to generate malformed packets to allow testing
</section>
</section>
+ <section>
+ <title>Security Fixes</title>
+ <section>
+ <title>9.6-ESV-R5rc1</title>
+ <itemizedlist>
+<listitem>
+Change #2912 (see CHANGES) exposed a latent bug in the DNS message
+processing code that could allow certain UPDATE requests to crash named.
+[RT #24777] [CVE-2011-2464]
+</listitem>
+<listitem>
+named, set up to be a caching resolver, is vulnerable to a
+user querying a domain with very large resource record sets (RRSets)
+when trying to negatively cache the response. Due to an off-by-one
+error, caching the response could cause named to crash. [RT #24650]
+[CVE-2011-1910]
+</listitem>
+ </itemizedlist>
+ </section>
+ </section>
+
<section>
<title>Feature Changes</title>
<section>
- <title>9.6-ESV-R5</title>
+ <title>9.6-ESV-R5rc1</title>
<itemizedlist>
<listitem>
Merged in the NetBSD ATF test framework (currently
<section>
<title>Bug Fixes</title>
<section>
- <title>9.6-ESV-R5</title>
+ <title>9.6-ESV-R5rc1</title>
<itemizedlist>
<listitem>
+Improved the mechanism for flagging database entries as negative
+cache records; the former method, RR type 0, could be ambiguous.
+[RT #24777]
+</listitem>
+<listitem>
During RFC5011 processing some journal write errors were not detected.
This could lead to managed-keys changes being committed but not
recorded in the journal files, causing potential inconsistencies
conf file isn't a plain file. (RT #22771]
</listitem>
<listitem>
+After an external code review, a code cleanup was done. [RT #22521]
+</listitem>
+<listitem>
named now forces the ADB cache time for glue related data to zero
instead of relying on TTL. This corrects problematic behavior in cases
where a server was authoritative for the A record of a nameserver for a
fatal in 9.7) to match behaviour for 9.4. [RT #22905]
</listitem>
<listitem>
-Fixed precedence order bug with NS and DNAME records if both are present.
-[RT #23035]
+Fixed precedence order bug with NS and DNAME records if both are
+present. (Also fixed timing of autosign test in 9.7+) [RT #23035]
</listitem>
<listitem>
The secure zone update feature in named is based on the zone being
KSK, it would give an incorrect error "NSEC3 iterations too big for
weakest DNSKEY strength" rather than the correct "failed to find
keys at the zone apex: not found" [RT #24369]
+</listitem>
+<listitem>
+nsupdate could dump core on shutdown when using SIG(0) keys. [RT #24604]
+</listitem>
+<listitem>
+Named could fail to validate zones list in a DLV that validated insecure
+without using DLV and had DS records in the parent zone. [RT #24631]
</listitem>
</itemizedlist>
</section>
projects / thirdparty / bind9.git / commitdiff
