<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_port">Porting Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
- A coding error in the <code class="option">nxdomain-redirect</code>
- feature could lead to an assertion failure if the redirection
- namespace was served from a local authoritative data source
- such as a local zone or a DLZ instead of via recursive
- lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837]
+ If a server is configured with a response policy zone (RPZ)
+ that rewrites an answer with local data, and is also configured
+ for DNS64 address mapping, a NULL pointer can be read
+ triggering a server crash. This flaw is disclosed in
+ CVE-2017-3135. [RT #44434]
</p></li>
<li class="listitem"><p>
- Named could mishandle authority sections that were missing
- RRSIGs triggering an assertion failure. This flaw is
- disclosed in CVE-2016-9444. [RT # 43632]
+ <span class="command"><strong>named</strong></span> could mishandle authority sections
+ with missing RRSIGs, triggering an assertion failure. This
+ flaw is disclosed in CVE-2016-9444. [RT #43632]
</p></li>
<li class="listitem"><p>
- Named mishandled some responses where covering RRSIG
- records are returned without the requested data
- resulting in a assertion failure. This flaw is disclosed in
- CVE-2016-9147. [RT #43548]
+ <span class="command"><strong>named</strong></span> mishandled some responses where
+ covering RRSIG records were returned without the requested
+ data, resulting in an assertion failure. This flaw is
+ disclosed in CVE-2016-9147. [RT #43548]
</p></li>
<li class="listitem"><p>
- Named incorrectly tried to cache TKEY records which could
- trigger a assertion failure when there was a class mismatch.
- This flaw is disclosed in CVE-2016-9131. [RT #43522]
- </p></li>
+ <span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
+ records which could trigger an assertion failure when there was
+ a class mismatch. This flaw is disclosed in CVE-2016-9131.
+ [RT #43522]
+ </p></li>
<li class="listitem"><p>
It was possible to trigger assertions when processing
- a response. This flaw is disclosed in CVE-2016-8864. [RT #43465]
+ responses containing answers of type DNAME. This flaw is
+ disclosed in CVE-2016-8864. [RT #43465]
</p></li>
<li class="listitem"><p>
- It was possible to trigger a assertion when rendering a
+ It was possible to trigger an assertion when rendering a
message using a specially crafted request. This flaw is
disclosed in CVE-2016-2776. [RT #43139]
</p></li>
<li class="listitem"><p>
- getrrsetbyname with a non absolute name could trigger an
- infinite recursion bug in lwresd and named with lwres
- configured if when combined with a search list entry the
- resulting name is too long. This flaw is disclosed in
- CVE-2016-2775. [RT #42694]
+ Calling <span class="command"><strong>getrrsetbyname()</strong></span> with a non-
+ absolute name could trigger an infinite recursion bug in
+ <span class="command"><strong>lwresd</strong></span> or <span class="command"><strong>named</strong></span> with
+ <span class="command"><strong>lwres</strong></span> configured if, when combined with
+ a search list entry from <code class="filename">resolv.conf</code>,
+ the resulting name is too long. This flaw is disclosed in
+ CVE-2016-2775. [RT #42694]
</p></li>
</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_features"></a>New Features</h3></div></div></div>
-<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
- None.
- </p></li></ul></div>
-</div>
-<div class="section">
-<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
None.
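Review bot: The added getrrsetbyname() entry breaks "non-absolute" across two lines after the hyphen ("with a non-" then "absolute name"). HTML collapses the line break to a space, so this renders as "non- absolute"; keep the hyphenated word on one line. The new CVE-2017-3135 item is also missing the comma before "triggering a server crash" that this same change adds to the CVE-2016-9444 item ("with missing RRSIGs, triggering").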
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+ A synthesized CNAME record appearing in a response before the
+ associated DNAME could be cached, when it should not have been.
+ This was a regression introduced while addressing CVE-2016-8864.
+ [RT #44318]
+ </p></li>
<li class="listitem"><p>
Windows installs were failing due to triggering UAC without
the installation binary being signed.
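Review bot: The new Bug Fixes entry for the synthesized CNAME says the caching problem was a regression from the CVE-2016-8864 fix, but it does not say which releases carry the regression. The Security Fixes list still presents CVE-2016-8864 as fixed, so name the affected release(s) in this entry to let operators tell whether they need this update.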
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
- A coding error in the <code class="option">nxdomain-redirect</code>
- feature could lead to an assertion failure if the redirection
- namespace was served from a local authoritative data source
- such as a local zone or a DLZ instead of via recursive
- lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837]
+ If a server is configured with a response policy zone (RPZ)
+ that rewrites an answer with local data, and is also configured
+ for DNS64 address mapping, a NULL pointer can be read
+ triggering a server crash. This flaw is disclosed in
+ CVE-2017-3135. [RT #44434]
</p></li>
<li class="listitem"><p>
- Named could mishandle authority sections that were missing
- RRSIGs triggering an assertion failure. This flaw is
- disclosed in CVE-2016-9444. [RT # 43632]
+ <span class="command"><strong>named</strong></span> could mishandle authority sections
+ with missing RRSIGs, triggering an assertion failure. This
+ flaw is disclosed in CVE-2016-9444. [RT #43632]
</p></li>
<li class="listitem"><p>
- Named mishandled some responses where covering RRSIG
- records are returned without the requested data
- resulting in a assertion failure. This flaw is disclosed in
- CVE-2016-9147. [RT #43548]
+ <span class="command"><strong>named</strong></span> mishandled some responses where
+ covering RRSIG records were returned without the requested
+ data, resulting in an assertion failure. This flaw is
+ disclosed in CVE-2016-9147. [RT #43548]
</p></li>
<li class="listitem"><p>
- Named incorrectly tried to cache TKEY records which could
- trigger a assertion failure when there was a class mismatch.
- This flaw is disclosed in CVE-2016-9131. [RT #43522]
- </p></li>
+ <span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
+ records which could trigger an assertion failure when there was
+ a class mismatch. This flaw is disclosed in CVE-2016-9131.
+ [RT #43522]
+ </p></li>
<li class="listitem"><p>
It was possible to trigger assertions when processing
- a response. This flaw is disclosed in CVE-2016-8864. [RT #43465]
+ responses containing answers of type DNAME. This flaw is
+ disclosed in CVE-2016-8864. [RT #43465]
</p></li>
<li class="listitem"><p>
- It was possible to trigger a assertion when rendering a
+ It was possible to trigger an assertion when rendering a
message using a specially crafted request. This flaw is
disclosed in CVE-2016-2776. [RT #43139]
</p></li>
<li class="listitem"><p>
- getrrsetbyname with a non absolute name could trigger an
- infinite recursion bug in lwresd and named with lwres
- configured if when combined with a search list entry the
- resulting name is too long. This flaw is disclosed in
- CVE-2016-2775. [RT #42694]
+ Calling <span class="command"><strong>getrrsetbyname()</strong></span> with a non-
+ absolute name could trigger an infinite recursion bug in
+ <span class="command"><strong>lwresd</strong></span> or <span class="command"><strong>named</strong></span> with
+ <span class="command"><strong>lwres</strong></span> configured if, when combined with
+ a search list entry from <code class="filename">resolv.conf</code>,
+ the resulting name is too long. This flaw is disclosed in
+ CVE-2016-2775. [RT #42694]
</p></li>
</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_features"></a>New Features</h3></div></div></div>
-<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
- None.
- </p></li></ul></div>
-</div>
-<div class="section">
-<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
None.
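Review bot: The first item here replaces the CVE-2016-9778 (nxdomain-redirect) entry with CVE-2017-3135 instead of adding the new entry next to it, so the earlier disclosure disappears from the Security Fixes list. If that entry did not belong in these notes, say so in the change description; otherwise keep it and add CVE-2017-3135 as a separate item. This copy of the list also repeats the "non-" / "absolute name" line split in the getrrsetbyname() entry, which renders as "non- absolute" in HTML.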
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+ A synthesized CNAME record appearing in a response before the
+ associated DNAME could be cached, when it should not have been.
+ This was a regression introduced while addressing CVE-2016-8864.
+ [RT #44318]
+ </p></li>
<li class="listitem"><p>
Windows installs were failing due to triggering UAC without
the installation binary being signed.