default without a configure option.
* The obsolete isc-hmac-fixup command has been removed.
+BIND 9.12.1
+
+BIND 9.12.1 is a maintenance release.
+
Building BIND
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
by default without a configure option.
* The obsolete `isc-hmac-fixup` command has been removed.
+#### BIND 9.12.1
+
+BIND 9.12.1 is a maintenance release.
+
### <a name="build"/> Building BIND
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
<section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
<itemizedlist>
- <listitem>
- <para>
- Addresses could be referenced after being freed during resolver
- processing, causing an assertion failure. The chances of this
- happening were remote, but the introduction of a delay in
- resolution increased them. This bug is disclosed in
- CVE-2017-3145. [RT #46839]
- </para>
- </listitem>
<listitem>
<para>
update-policy rules that otherwise ignore the name field now
require that it be set to "." to ensure that any type list
- present is properly interpreted. If the name field was omitted
- from the rule declaration and a type list was present it wouldn't
- be interpreted as expected.
+ present is properly interpreted. Previously, if the name field
+ was omitted from the rule declaration but a type list was
+ present, it wouldn't be interpreted as expected.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
- Attempting to validate improperly unsigned CNAME responses
- from secure zones could cause a validator loop. This caused
- a delay in returning SERVFAIL and also increased the chances
- of encountering the crash bug described in CVE-2017-3145.
- [RT #46839]
+ <command>named</command> could crash when acting as a slave for a
+ catalog zone if zone contained a master definition without an IP
+ address. [RT #45999]
</para>
</listitem>
</itemizedlist>
projects / thirdparty / bind9.git / commitdiff
