<itemizedlist>
<listitem>
<para>
- On servers configured to perform DNSSEC validation using
- managed trust anchors (i.e., keys configured explicitly
- via <command>managed-keys</command>, or implicitly
- via <command>dnssec-validation auto;</command> or
- <command>dnssec-lookaside auto;</command>), revoking
- a trust anchor and sending a new untrusted replacement
- could cause <command>named</command> to crash with an
- assertion failure. This could occur in the event of a
- botched key rollover, or potentially as a result of a
- deliberate attack if the attacker was in position to
- monitor the victim's DNS traffic.
+ On servers configured to perform DNSSEC validation an
+ assertion failure could be triggered on answers from
+ a specially configured server.
</para>
- <para>
- This flaw was discovered by Jan-Piet Mens, and is
- disclosed in CVE-2015-1349. [RT #38344]
- </para>
- </listitem>
- <listitem>
- <para>
- A flaw in delegation handling could be exploited to put
- <command>named</command> into an infinite loop, in which
- each lookup of a name server triggered additional lookups
- of more name servers. This has been addressed by placing
- limits on the number of levels of recursion
- <command>named</command> will allow (default 7), and
- on the number of queries that it will send before
- terminating a recursive query (default 50).
- </para>
- <para>
- The recursion depth limit is configured via the
- <option>max-recursion-depth</option> option, and the query limit
- via the <option>max-recursion-queries</option> option.
- </para>
- <para>
- The flaw was discovered by Florian Maury of ANSSI, and is
- disclosed in CVE-2014-8500. [RT #37580]
- </para>
- </listitem>
+ <para>
+ This flaw was discovered by Breno Silveira Soares, and is
+ disclosed in CVE-2015-4620. [RT #39795]
+ </para>
+ </listitem>
</itemizedlist>
</sect2>
<sect2 id="relnotes_features">
projects / thirdparty / bind9.git / commitdiff
