<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ <p>
+ The BIND installer on Windows used an unquoted service path,
+ which can enable privilege escalation. This flaw is disclosed
+ in CVE-2017-3141. [RT #45229]
+ </p>
+ </li>
+<li class="listitem">
<p>
- None.
+ With certain RPZ configurations, a response with TTL 0
+ could cause <span class="command"><strong>named</strong></span> to go into an infinite
+ query loop. This flaw is disclosed in CVE-2017-3140.
+ [RT #45181]
</p>
- </li></ul></div>
+ </li>
+</ul></div>
</div>
<div class="section">
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ <p>
+ The BIND installer on Windows used an unquoted service path,
+ which can enable privilege escalation. This flaw is disclosed
+ in CVE-2017-3141. [RT #45229]
+ </p>
+ </li>
+<li class="listitem">
<p>
- None.
+ With certain RPZ configurations, a response with TTL 0
+ could cause <span class="command"><strong>named</strong></span> to go into an infinite
+ query loop. This flaw is disclosed in CVE-2017-3140.
+ [RT #45181]
</p>
- </li></ul></div>
+ </li>
+</ul></div>
</div>
<div class="section">
projects / thirdparty / bind9.git / commitdiff
