<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ <p>
+ When answering authoritative queries, <span class="command"><strong>named</strong></span>
+ does not return the target of a cross-zone CNAME between two
+ locally served zones; this prevents accidental cache poisoning.
+ This same restriction was incorrectly applied to recursive
+ queries as well; this has been fixed. [RT #47078]
+ </p>
+ </li>
+<li class="listitem">
<p>
Attempting to validate improperly unsigned CNAME responses
from secure zones could cause a validator loop. This caused
of encountering the crash bug described in CVE-2017-3145.
[RT #46839]
</p>
- </li></ul></div>
+ </li>
+</ul></div>
</div>
<div class="section">
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ <p>
+ When answering authoritative queries, <span class="command"><strong>named</strong></span>
+ does not return the target of a cross-zone CNAME between two
+ locally served zones; this prevents accidental cache poisoning.
+ This same restriction was incorrectly applied to recursive
+ queries as well; this has been fixed. [RT #47078]
+ </p>
+ </li>
+<li class="listitem">
<p>
Attempting to validate improperly unsigned CNAME responses
from secure zones could cause a validator loop. This caused
of encountering the crash bug described in CVE-2017-3145.
[RT #46839]
</p>
- </li></ul></div>
+ </li>
+</ul></div>
</div>
<div class="section">
projects / thirdparty / bind9.git / commitdiff
