<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
- Named incorrectly tried to cache TKEY records which could
- trigger a assertion failure when there was a class mismatch.
- This flaw is disclosed in CVE-2016-9131. [RT #43522]
+ A coding error in the <code class="option">nxdomain-redirect</code>
+ feature could lead to an assertion failure if the redirection
+ namespace was served from a local authoritative data source
+ such as a local zone or a DLZ instead of via recursive
+ lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>named</strong></span> could mishandle authority sections
+ with missing RRSIGs, triggering an assertion failure. This
+ flaw is disclosed in CVE-2016-9444. [RT #43632]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>named</strong></span> mishandled some responses where
+ covering RRSIG records were returned without the requested
+ data, resulting in an assertion failure. This flaw is
+ disclosed in CVE-2016-9147. [RT #43548]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
+ records which could trigger an assertion failure when there was
+ a class mismatch. This flaw is disclosed in CVE-2016-9131.
+ [RT #43522]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ It was possible to trigger assertions when processing
+ responses containing answers of type DNAME. This flaw is
+ disclosed in CVE-2016-8864. [RT #43465]
</p>
</li>
<li class="listitem">
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
- Named incorrectly tried to cache TKEY records which could
- trigger a assertion failure when there was a class mismatch.
- This flaw is disclosed in CVE-2016-9131. [RT #43522]
+ A coding error in the <code class="option">nxdomain-redirect</code>
+ feature could lead to an assertion failure if the redirection
+ namespace was served from a local authoritative data source
+ such as a local zone or a DLZ instead of via recursive
+ lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>named</strong></span> could mishandle authority sections
+ with missing RRSIGs, triggering an assertion failure. This
+ flaw is disclosed in CVE-2016-9444. [RT #43632]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>named</strong></span> mishandled some responses where
+ covering RRSIG records were returned without the requested
+ data, resulting in an assertion failure. This flaw is
+ disclosed in CVE-2016-9147. [RT #43548]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
+ records which could trigger an assertion failure when there was
+ a class mismatch. This flaw is disclosed in CVE-2016-9131.
+ [RT #43522]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ It was possible to trigger assertions when processing
+ responses containing answers of type DNAME. This flaw is
+ disclosed in CVE-2016-8864. [RT #43465]
</p>
</li>
<li class="listitem">