<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!--
- - Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: RELEASE-NOTES-BIND-9.6-ESV.html,v 1.1.24.3 2011/05/23 23:45:49 tbox Exp $ -->
-
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" href="release-notes.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article"><div class="titlepage"><hr /></div>
- <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2824820"></a>Introduction</h2></div></div></div>
+ <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2871687"></a>Introduction</h2></div></div></div>
<p>
- BIND 9.6-ESV-R5 is a maintenance release for BIND 9.6-ESV.
+ BIND 9.6-ESV-R5rc1 is the first release
+ candidate of BIND 9.6-ESV-R5.
</p>
<p>
- This document summarizes changes from BIND 9.6-ESV-R4 to BIND 9.6-ESV-R5.
+ This document summarizes changes from BIND 9.6-ESV-R4 to BIND 9.6-ESV-R5rc1.
Please see the CHANGES file in the source code release for a
complete list of all changes.
</p>
</div>
- <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691321"></a>Download</h2></div></div></div>
+ <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3738187"></a>Download</h2></div></div></div>
<p>
The latest release of BIND 9 software can always be found
on our web site at
- <a class="ulink" href="http://www.isc.org/software/bind" target="_top">http://www.isc.org/software/bind</a>.
+ <a class="ulink" href="http://www.isc.org/downloads/all" target="_top">http://www.isc.org/downloads/all</a>.
There you will find additional information about each release,
source code, and some pre-compiled versions for certain operating
systems.
</p>
</div>
- <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691366"></a>Support</h2></div></div></div>
+ <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3738232"></a>Support</h2></div></div></div>
<p>Product support information is available on
<a class="ulink" href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
</p>
</div>
- <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691310"></a>New Features</h2></div></div></div>
+ <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3738176"></a>New Features</h2></div></div></div>
- <div class="section" title="9.6-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id2824840"></a>9.6-ESV-R5</h3></div></div></div>
+ <div class="section" title="9.6-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3738244"></a>9.6-ESV-R5rc1</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Added a tool able to generate malformed packets to allow testing
</div>
</div>
- <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2824832"></a>Feature Changes</h2></div></div></div>
+ <div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2871698"></a>Security Fixes</h2></div></div></div>
- <div class="section" title="9.6-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id3691431"></a>9.6-ESV-R5</h3></div></div></div>
+ <div class="section" title="9.7.4rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3738297"></a>9.7.4rc1</h3></div></div></div>
+
+ <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+named, set up to be a caching resolver, is vulnerable to a
+user querying a domain with very large resource record sets (RRSets)
+when trying to negatively cache the response. Due to an off-by-one
+error, caching the response could cause named to crash. [RT #24650]
+[CVE-2011-1910]
+</li></ul></div>
+ </div>
+ </div>
+
+ <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3738316"></a>Feature Changes</h2></div></div></div>
+
+ <div class="section" title="9.6-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3738321"></a>9.6-ESV-R5rc1</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Merged in the NetBSD ATF test framework (currently
</div>
</div>
- <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691458"></a>Bug Fixes</h2></div></div></div>
+ <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3738348"></a>Bug Fixes</h2></div></div></div>
- <div class="section" title="9.6-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id3689360"></a>9.6-ESV-R5</h3></div></div></div>
+ <div class="section" title="9.6-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3738353"></a>9.6-ESV-R5rc1</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
During RFC5011 processing some journal write errors were not detected.
KSK, it would give an incorrect error "NSEC3 iterations too big for
weakest DNSKEY strength" rather than the correct "failed to find
keys at the zone apex: not found" [RT #24369]
+</li><li class="listitem">
+nsupdate could dump core on shutdown when using SIG(0) keys. [RT #24604]
+</li><li class="listitem">
+Named could fail to validate zones list in a DLV that validated insecure
+without using DLV and had DS records in the parent zone. [RT #24631]
</li></ul></div>
</div>
</div>
- <div class="section" title="Known issues in this release"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691472"></a>Known issues in this release</h2></div></div></div>
+ <div class="section" title="Known issues in this release"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3738363"></a>Known issues in this release</h2></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
<p>
</li></ul></div>
</div>
- <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691695"></a>Thank You</h2></div></div></div>
+ <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3738597"></a>Thank You</h2></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
Introduction
- BIND 9.6-ESV-R5 is a maintenance release for BIND 9.6-ESV.
+ BIND 9.6-ESV-R5rc1 is the first release candidate of BIND 9.6-ESV-R5.
This document summarizes changes from BIND 9.6-ESV-R4 to BIND
- 9.6-ESV-R5. Please see the CHANGES file in the source code release for
- a complete list of all changes.
+ 9.6-ESV-R5rc1. Please see the CHANGES file in the source code release
+ for a complete list of all changes.
Download
The latest release of BIND 9 software can always be found on our web
- site at http://www.isc.org/software/bind. There you will find
+ site at http://www.isc.org/downloads/all. There you will find
additional information about each release, source code, and some
pre-compiled versions for certain operating systems.
New Features
-9.6-ESV-R5
+9.6-ESV-R5rc1
* Added a tool able to generate malformed packets to allow testing of
how named handles them. [RT #24096]
+Security Fixes
+
+9.7.4rc1
+
+ * named, set up to be a caching resolver, is vulnerable to a user
+ querying a domain with very large resource record sets (RRSets)
+ when trying to negatively cache the response. Due to an off-by-one
+ error, caching the response could cause named to crash. [RT #24650]
+ [CVE-2011-1910]
+
Feature Changes
-9.6-ESV-R5
+9.6-ESV-R5rc1
* Merged in the NetBSD ATF test framework (currently version 0.12)
for development of future unit tests. Use configure --with-atf to
Bug Fixes
-9.6-ESV-R5
+9.6-ESV-R5rc1
* During RFC5011 processing some journal write errors were not
detected. This could lead to managed-keys changes being committed
KSK, it would give an incorrect error "NSEC3 iterations too big for
weakest DNSKEY strength" rather than the correct "failed to find
keys at the zone apex: not found" [RT #24369]
+ * nsupdate could dump core on shutdown when using SIG(0) keys. [RT
+ #24604]
+ * Named could fail to validate zones list in a DLV that validated
+ insecure without using DLV and had DS records in the parent zone.
+ [RT #24631]
Known issues in this release
<?xml version="1.0" encoding="UTF-8"?>
-<!--
- - Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: RELEASE-NOTES-BIND-9.6-ESV.xml,v 1.1.2.2 2011/05/23 23:45:49 tbox Exp $ -->
-
<article xmlns="http://docbook.org/ns/docbook"
xmlns:xl="http://www.w3.org/1999/xlink" version="5.0">
projects / thirdparty / bind9.git / commitdiff
