to be added. This can be disabled with "check-names no".
This release addresses the security flaws described in
- CVE-2014-3214, CVE-2014-3859, CVE-2014-8500, CVE-2014-8680 and
- CVE-2015-1349.
+ CVE-2014-3214, CVE-2014-3859, CVE-2014-8500, CVE-2014-8680,
+ CVE-2015-1349 and CVE-2015-5477.
BIND 9.10.0
<sect2 id="relnotes_security">
<title>Security Fixes</title>
<itemizedlist>
+ <listitem>
+ <para>
+ A specially crafted query could trigger an assertion failure
+ in message.c.
+ </para>
+ <para>
+ This flaw was discovered by Jonathan Foote, and is disclosed
+ in CVE-2015-5477. [RT #39795]
+ </para>
+ </listitem>
<listitem>
<para>
On servers configured to perform DNSSEC validation, an
assertion failure could be triggered on answers from
a specially configured server.
</para>
- <para>
+ <para>
This flaw was discovered by Breno Silveira Soares, and is
disclosed in CVE-2015-4620. [RT #39795]
- </para>
+ </para>
</listitem>
<listitem>
<para>
vehicle for such an attack.
</para>
<itemizedlist>
- <listitem>
+ <listitem>
<para>
<option>fetches-per-server</option> limits the number of
simultaneous queries that can be sent to any single
<option>fetch-quota-params</option> option.
</para>
</listitem>
- <listitem>
+ <listitem>
<para>
<option>fetches-per-zone</option> limits the number of
simultaneous queries that can be sent for names within a
>http://localhost:8888/xml/v3/traffic</ulink>
or
<ulink url="http://localhost:8888/json/v1/traffic"
- >http://localhost:8888/json/v1/traffic</ulink>.
+ >http://localhost:8888/json/v1/traffic</ulink>.
</para>
</listitem>
<listitem>
</para>
</listitem>
<listitem>
- <para>
+ <para>
Built-in "empty" zones did not correctly inherit the
"allow-transfer" ACL from the options or view. [RT #38310]
- </para>
+ </para>
</listitem>
<listitem>
<para>
Several bugs have been fixed in the RPZ implementation:
</para>
<itemizedlist>
- <listitem>
+ <listitem>
<para>
Policy zones that did not specifically require recursion
could be treated as if they did; consequently, setting