<title>Security Fixes</title>
<itemizedlist>
<listitem>
- <para>None</para>
+ <para>
+ A flaw in delegation handling could be exploited to put
+ <command>named</command> into an infinite loop, in which
+ each lookup of a name server triggered additional lookups
+ of more name servers. This has been addressed by placing
+ limits on the number of levels of recursion
+ <command>named</command> will allow (default 7), and
+ on the number of queries that it will send before
+ terminating a recursive query (default 50).
+ </para>
+ <para>
+ The recursion depth limit is configured via the
+ <option>max-recursion-depth</option> option, and the query limit
+ via the <option>max-recursion-queries</option> option.
+ </para>
+ <para>
+ The flaw was discovered by Florian Maury of ANSSI, and is
+ disclosed in CVE-2014-8500. [RT #37580]
+ </para>
</listitem>
<listitem>
- <para>
- Errors reported when running <command>rndc addzone</command>
- (e.g., when a zone file cannot be loaded) have been clarified
- to make it easier to diagnose problems.
- </para>
+ <para>
+ Two separate problems were identified in BIND's GeoIP code that
+ could lead to an assertion failure. One was triggered by use of
+ both IPv4 and IPv6 address families, the other by referencing
+ a GeoIP database in <filename>named.conf</filename> which was
+ not installed. Both are covered by CVE-2014-8680. [RT #37672]
+ [RT #37679]
+ </para>
+ <para>
+ A less serious security flaw was also found in GeoIP: changes
+ to the <command>geoip-directory</command> option in
+ <filename>named.conf</filename> were ignored when running
+ <command>rndc reconfig</command>. In theory, this could allow
+ <command>named</command> to allow access to unintended clients.
+ </para>
</listitem>
</itemizedlist>
</sect2>
truncated output.)
</para>
</listitem>
+ <listitem>
+ <para>
+ Errors reported when running <command>rndc addzone</command>
+ (e.g., when a zone file cannot be loaded) have been clarified
+ to make it easier to diagnose problems.
+ </para>
+ </listitem>
</itemizedlist>
</sect2>
<sect2 id="relnotes_bugs">