</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.5</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.5-P1</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#root_key">New DNSSEC Root Key</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_maint">Maintenance</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
</dl></dd>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.5</h2></div></div></div>
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.5-P1</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
- This document summarizes changes since the last production
- release on the BIND 9.10 branch.
- Please see the <code class="filename">CHANGES</code> file for a further
- list of bug fixes and other changes.
+ This document summarizes changes since BIND 9.10.5:
+ </p>
+ <p>
+ BIND 9.10.5-P1 addresses the security issues described in
+ CVE-2017-3140 and CVE-2017-3141.
</p>
</div>
+
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
- <span class="command"><strong>rndc ""</strong></span> could trigger an assertion failure
- in <span class="command"><strong>named</strong></span>. This flaw is disclosed in
- (CVE-2017-3138). [RT #44924]
- </p>
- </li>
-<li class="listitem">
- <p>
- Some chaining (i.e., type CNAME or DNAME) responses to upstream
- queries could trigger assertion failures. This flaw is disclosed
- in CVE-2017-3137. [RT #44734]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>dns64</strong></span> with <span class="command"><strong>break-dnssec yes;</strong></span>
- can result in an assertion failure. This flaw is disclosed in
- CVE-2017-3136. [RT #44653]
- </p>
- </li>
-<li class="listitem">
- <p>
- If a server is configured with a response policy zone (RPZ)
- that rewrites an answer with local data, and is also configured
- for DNS64 address mapping, a NULL pointer can be read
- triggering a server crash. This flaw is disclosed in
- CVE-2017-3135. [RT #44434]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could mishandle authority sections
- with missing RRSIGs, triggering an assertion failure. This
- flaw is disclosed in CVE-2016-9444. [RT #43632]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> mishandled some responses where
- covering RRSIG records were returned without the requested
- data, resulting in an assertion failure. This flaw is
- disclosed in CVE-2016-9147. [RT #43548]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
- records which could trigger an assertion failure when there was
- a class mismatch. This flaw is disclosed in CVE-2016-9131.
- [RT #43522]
- </p>
- </li>
-<li class="listitem">
- <p>
- It was possible to trigger assertions when processing
- responses containing answers of type DNAME. This flaw is
- disclosed in CVE-2016-8864. [RT #43465]
- </p>
- </li>
-<li class="listitem">
- <p>
- Added the ability to specify the maximum number of records
- permitted in a zone (<code class="option">max-records #;</code>).
- This provides a mechanism to block overly large zone
- transfers, which is a potential risk with slave zones from
- other parties, as described in CVE-2016-6170.
- [RT #42143]
- </p>
- </li>
-<li class="listitem">
- <p>
- It was possible to trigger an assertion when rendering a
- message using a specially crafted request. This flaw is
- disclosed in CVE-2016-2776. [RT #43139]
- </p>
- </li>
-<li class="listitem">
- <p>
- Calling <span class="command"><strong>getrrsetbyname()</strong></span> with a non
- absolute name could trigger an infinite recursion bug in
- <span class="command"><strong>lwresd</strong></span> or <span class="command"><strong>named</strong></span> with
- <span class="command"><strong>lwres</strong></span> configured if, when combined with
- a search list entry from <code class="filename">resolv.conf</code>,
- the resulting name is too long. This flaw is disclosed in
- CVE-2016-2775. [RT #42694]
- </p>
- </li>
-</ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_features"></a>New Features</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> now provides feedback to the
- owners of zones which have trust anchors configured
- (<span class="command"><strong>trusted-keys</strong></span>,
- <span class="command"><strong>managed-keys</strong></span>, <span class="command"><strong>dnssec-validation
- auto;</strong></span> and <span class="command"><strong>dnssec-lookaside auto;</strong></span>)
- by sending a daily query which encodes the keyids of the
- configured trust anchors for the zone. This is controlled
- by <span class="command"><strong>trust-anchor-telemetry</strong></span> and defaults
- to yes.
+ The BIND installer on Windows used an unquoted service path,
+ which can enable privilege escalation. This flaw is disclosed
+ in CVE-2017-3141. [RT #45229]
</p>
</li>
<li class="listitem">
<p>
- A new <span class="command"><strong>tcp-only</strong></span> option has been added to
- <span class="command"><strong>server</strong></span> clauses, to indicate that UDP should
- not be used when sending queries to a specified IP address or
- prefix.
+ With certain RPZ configurations, a response with TTL 0
+ could cause <span class="command"><strong>named</strong></span> to go into an infinite
+ query loop. This flaw is disclosed in CVE-2017-3140.
+ [RT #45181]
</p>
</li>
</ul></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- The ISC DNSSEC Lookaside Validation (DLV) service is scheduled
- to be disabled in 2017. A warning is now logged when
- <span class="command"><strong>named</strong></span> is configured to use this service,
- either explicitly or via <code class="option">dnssec-lookaside auto;</code>.
- [RT #42207]
- </p>
- </li>
-<li class="listitem">
- <p>
- If an ACL is specified with an address prefix in which the
- prefix length is longer than the address portion (for example,
- 192.0.2.1/8), <span class="command"><strong>named</strong></span> will now log a warning.
- In future releases this will be a fatal configuration error.
- [RT #43367]
- </p>
- </li>
-</ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- A synthesized CNAME record appearing in a response before the
- associated DNAME could be cached, when it should not have been.
- This was a regression introduced while addressing CVE-2016-8864.
- [RT #44318]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could deadlock if multiple changes
- to NSEC/NSEC3 parameters for the same zone were being processed
- at the same time. [RT #42770]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could trigger an assertion when
- sending NOTIFY messages. [RT #44019]
- </p>
- </li>
-<li class="listitem">
- <p>
- Fixed a crash when calling <span class="command"><strong>rndc stats</strong></span> on some
- Windows builds: some Visual Studio compilers generate code that
- crashes when the "%z" printf() format specifier is used. [RT #42380]
- </p>
- </li>
-<li class="listitem">
- <p>
- Windows installs were failing due to triggering UAC without
- the installation binary being signed.
- </p>
- </li>
-<li class="listitem">
- <p>
- A change in the internal binary representation of the RBT database
- node structure enabled a race condition to occur (especially when
- BIND was built with certain compilers or optimizer settings),
- leading to inconsistent database state which caused random
- assertion failures. [RT #42380]
- </p>
- </li>
-<li class="listitem">
- <p>
- Referencing a nonexistent zone in a <span class="command"><strong>response-policy</strong></span>
- statement could cause an assertion failure during configuration.
- [RT #43787]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>rndc addzone</strong></span> could cause a crash
- when attempting to add a zone with a type other than
- <span class="command"><strong>master</strong></span> or <span class="command"><strong>slave</strong></span>.
- Such zones are now rejected. [RT #43665]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could hang when encountering log
- file names with large apparent gaps in version number (for
- example, when files exist called "logfile.0", "logfile.1",
- and "logfile.1482954169"). This is now handled correctly.
- [RT #38688]
- </p>
- </li>
-<li class="listitem">
- <p>
- If a zone was updated while <span class="command"><strong>named</strong></span> was
- processing a query for nonexistent data, it could return
- out-of-sync NSEC3 records causing potential DNSSEC validation
- failure. [RT #43247]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could crash when loading a zone
- which had RRISG records whose expiry fields were far enough
- apart to cause an integer overflow when comparing them.
- [RT #40571]
- </p>
- </li>
-<li class="listitem">
- <p>
- The <span class="command"><strong>arpaname</strong></span> and <span class="command"><strong>named-rrchecker</strong></span>
- commands were not installed into the correct
- <span class="command"><strong>prefix</strong></span><code class="filename">/bin</code> directory.
- [RT #42910]
- </p>
- </li>
-<li class="listitem">
- <p>
- When receiving a response from an authoritative server with
- a TTL value of zero, <span class="command"><strong>named></strong></span> will now only use
- that response once, to answer the currently active clients that
- were waiting for it. Previously, such response could be cached
- and reused for up to one second. [RT #42142]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named-checkconf</strong></span> now checks the
- <span class="command"><strong>rate-limit</strong></span> clause for correctness.
- [RT #42970]
- </p>
- </li>
-<li class="listitem">
- <p>
- Corrected a bug in the <span class="command"><strong>rndc</strong></span> control channel
- that could allow a read past the end of a buffer, crashing
- <span class="command"><strong>named</strong></span>. Thanks to Lian Yihan for reporting
- this error.
- </p>
- </li>
-</ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_maint"></a>Maintenance</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
- <p>
- The built-in root hints have been updated to include
- IPv6 addresses for B.ROOT-SERVERS.NET (2001:500:84::b),
- E.ROOT-SERVERS.NET (2001:500:a8::e) and
- G.ROOT-SERVERS.NET (2001:500:12::d0d).
- </p>
- </li></ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
The end of life for BIND 9.10 is yet to be determined but
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.10.5</p></div>
+<div><p class="releaseinfo">BIND Version 9.10.5-P1</p></div>
<div><p class="copyright">Copyright © 2004-2016 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div>
</div>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.5</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.5-P1</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#root_key">New DNSSEC Root Key</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_maint">Maintenance</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
</dl></dd>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5-P1</p>
</body>
</html>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.10.5</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.10.5-P1</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
- This document summarizes changes since the last production
- release on the BIND 9.10 branch.
- Please see the <code class="filename">CHANGES</code> file for a further
- list of bug fixes and other changes.
+ This document summarizes changes since BIND 9.10.5:
+ </p>
+ <p>
+ BIND 9.10.5-P1 addresses the security issues described in
+ CVE-2017-3140 and CVE-2017-3141.
</p>
</div>
+
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
- <span class="command"><strong>rndc ""</strong></span> could trigger an assertion failure
- in <span class="command"><strong>named</strong></span>. This flaw is disclosed in
- (CVE-2017-3138). [RT #44924]
- </p>
- </li>
-<li class="listitem">
- <p>
- Some chaining (i.e., type CNAME or DNAME) responses to upstream
- queries could trigger assertion failures. This flaw is disclosed
- in CVE-2017-3137. [RT #44734]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>dns64</strong></span> with <span class="command"><strong>break-dnssec yes;</strong></span>
- can result in an assertion failure. This flaw is disclosed in
- CVE-2017-3136. [RT #44653]
- </p>
- </li>
-<li class="listitem">
- <p>
- If a server is configured with a response policy zone (RPZ)
- that rewrites an answer with local data, and is also configured
- for DNS64 address mapping, a NULL pointer can be read
- triggering a server crash. This flaw is disclosed in
- CVE-2017-3135. [RT #44434]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could mishandle authority sections
- with missing RRSIGs, triggering an assertion failure. This
- flaw is disclosed in CVE-2016-9444. [RT #43632]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> mishandled some responses where
- covering RRSIG records were returned without the requested
- data, resulting in an assertion failure. This flaw is
- disclosed in CVE-2016-9147. [RT #43548]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
- records which could trigger an assertion failure when there was
- a class mismatch. This flaw is disclosed in CVE-2016-9131.
- [RT #43522]
- </p>
- </li>
-<li class="listitem">
- <p>
- It was possible to trigger assertions when processing
- responses containing answers of type DNAME. This flaw is
- disclosed in CVE-2016-8864. [RT #43465]
- </p>
- </li>
-<li class="listitem">
- <p>
- Added the ability to specify the maximum number of records
- permitted in a zone (<code class="option">max-records #;</code>).
- This provides a mechanism to block overly large zone
- transfers, which is a potential risk with slave zones from
- other parties, as described in CVE-2016-6170.
- [RT #42143]
- </p>
- </li>
-<li class="listitem">
- <p>
- It was possible to trigger an assertion when rendering a
- message using a specially crafted request. This flaw is
- disclosed in CVE-2016-2776. [RT #43139]
- </p>
- </li>
-<li class="listitem">
- <p>
- Calling <span class="command"><strong>getrrsetbyname()</strong></span> with a non
- absolute name could trigger an infinite recursion bug in
- <span class="command"><strong>lwresd</strong></span> or <span class="command"><strong>named</strong></span> with
- <span class="command"><strong>lwres</strong></span> configured if, when combined with
- a search list entry from <code class="filename">resolv.conf</code>,
- the resulting name is too long. This flaw is disclosed in
- CVE-2016-2775. [RT #42694]
- </p>
- </li>
-</ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_features"></a>New Features</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> now provides feedback to the
- owners of zones which have trust anchors configured
- (<span class="command"><strong>trusted-keys</strong></span>,
- <span class="command"><strong>managed-keys</strong></span>, <span class="command"><strong>dnssec-validation
- auto;</strong></span> and <span class="command"><strong>dnssec-lookaside auto;</strong></span>)
- by sending a daily query which encodes the keyids of the
- configured trust anchors for the zone. This is controlled
- by <span class="command"><strong>trust-anchor-telemetry</strong></span> and defaults
- to yes.
+ The BIND installer on Windows used an unquoted service path,
+ which can enable privilege escalation. This flaw is disclosed
+ in CVE-2017-3141. [RT #45229]
</p>
</li>
<li class="listitem">
<p>
- A new <span class="command"><strong>tcp-only</strong></span> option has been added to
- <span class="command"><strong>server</strong></span> clauses, to indicate that UDP should
- not be used when sending queries to a specified IP address or
- prefix.
+ With certain RPZ configurations, a response with TTL 0
+ could cause <span class="command"><strong>named</strong></span> to go into an infinite
+ query loop. This flaw is disclosed in CVE-2017-3140.
+ [RT #45181]
</p>
</li>
</ul></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- The ISC DNSSEC Lookaside Validation (DLV) service is scheduled
- to be disabled in 2017. A warning is now logged when
- <span class="command"><strong>named</strong></span> is configured to use this service,
- either explicitly or via <code class="option">dnssec-lookaside auto;</code>.
- [RT #42207]
- </p>
- </li>
-<li class="listitem">
- <p>
- If an ACL is specified with an address prefix in which the
- prefix length is longer than the address portion (for example,
- 192.0.2.1/8), <span class="command"><strong>named</strong></span> will now log a warning.
- In future releases this will be a fatal configuration error.
- [RT #43367]
- </p>
- </li>
-</ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- A synthesized CNAME record appearing in a response before the
- associated DNAME could be cached, when it should not have been.
- This was a regression introduced while addressing CVE-2016-8864.
- [RT #44318]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could deadlock if multiple changes
- to NSEC/NSEC3 parameters for the same zone were being processed
- at the same time. [RT #42770]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could trigger an assertion when
- sending NOTIFY messages. [RT #44019]
- </p>
- </li>
-<li class="listitem">
- <p>
- Fixed a crash when calling <span class="command"><strong>rndc stats</strong></span> on some
- Windows builds: some Visual Studio compilers generate code that
- crashes when the "%z" printf() format specifier is used. [RT #42380]
- </p>
- </li>
-<li class="listitem">
- <p>
- Windows installs were failing due to triggering UAC without
- the installation binary being signed.
- </p>
- </li>
-<li class="listitem">
- <p>
- A change in the internal binary representation of the RBT database
- node structure enabled a race condition to occur (especially when
- BIND was built with certain compilers or optimizer settings),
- leading to inconsistent database state which caused random
- assertion failures. [RT #42380]
- </p>
- </li>
-<li class="listitem">
- <p>
- Referencing a nonexistent zone in a <span class="command"><strong>response-policy</strong></span>
- statement could cause an assertion failure during configuration.
- [RT #43787]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>rndc addzone</strong></span> could cause a crash
- when attempting to add a zone with a type other than
- <span class="command"><strong>master</strong></span> or <span class="command"><strong>slave</strong></span>.
- Such zones are now rejected. [RT #43665]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could hang when encountering log
- file names with large apparent gaps in version number (for
- example, when files exist called "logfile.0", "logfile.1",
- and "logfile.1482954169"). This is now handled correctly.
- [RT #38688]
- </p>
- </li>
-<li class="listitem">
- <p>
- If a zone was updated while <span class="command"><strong>named</strong></span> was
- processing a query for nonexistent data, it could return
- out-of-sync NSEC3 records causing potential DNSSEC validation
- failure. [RT #43247]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could crash when loading a zone
- which had RRISG records whose expiry fields were far enough
- apart to cause an integer overflow when comparing them.
- [RT #40571]
- </p>
- </li>
-<li class="listitem">
- <p>
- The <span class="command"><strong>arpaname</strong></span> and <span class="command"><strong>named-rrchecker</strong></span>
- commands were not installed into the correct
- <span class="command"><strong>prefix</strong></span><code class="filename">/bin</code> directory.
- [RT #42910]
- </p>
- </li>
-<li class="listitem">
- <p>
- When receiving a response from an authoritative server with
- a TTL value of zero, <span class="command"><strong>named></strong></span> will now only use
- that response once, to answer the currently active clients that
- were waiting for it. Previously, such response could be cached
- and reused for up to one second. [RT #42142]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named-checkconf</strong></span> now checks the
- <span class="command"><strong>rate-limit</strong></span> clause for correctness.
- [RT #42970]
- </p>
- </li>
-<li class="listitem">
- <p>
- Corrected a bug in the <span class="command"><strong>rndc</strong></span> control channel
- that could allow a read past the end of a buffer, crashing
- <span class="command"><strong>named</strong></span>. Thanks to Lian Yihan for reporting
- this error.
- </p>
- </li>
-</ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_maint"></a>Maintenance</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
- <p>
- The built-in root hints have been updated to include
- IPv6 addresses for B.ROOT-SERVERS.NET (2001:500:84::b),
- E.ROOT-SERVERS.NET (2001:500:a8::e) and
- G.ROOT-SERVERS.NET (2001:500:12::d0d).
- </p>
- </li></ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
The end of life for BIND 9.10 is yet to be determined but
projects / thirdparty / bind9.git / commitdiff
