[blfs-book] [BLFS Trac] #4558: BIND 9.9.4-P2

BLFS Trac trac at linuxfromscratch.org
Mon Jan 13 10:55:18 PST 2014

#4558: BIND 9.9.4-P2
 Reporter:  fo           |      Owner:  blfs-book@…
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  current
Component:  BOOK         |    Version:  SVN
 Severity:  normal       |   Keywords:


 Security Fixes

    Prevents named from crashing with an INSIST failure when certain
    queries are made against an NSEC3-signed zone. (CVE-2014-0591)
    [RT #35120]

    Treat an all zero netmask as invalid when generating the localnets
    acl. A Winsock library call on some Windows systems can return
    an incorrect value for an interface's netmask, potentially
    causing unexpected matches to BIND's built-in "localnets" Access
    Control List. (CVE-2013-6230) [RT #34687]

    Previously an error in bounds checking on the private type
    'keydata' could be used to deny service through a deliberately
    triggerable REQUIRE failure (CVE-2013-4854).  [RT #34238]

    Prevents exploitation of a runtime_check which can crash named
    when satisfying a recursive query for particular malformed zones.
    (CVE-2013-3919) [RT #33690]

 New Features

    Added Response Rate Limiting (RRL) functionality to reduce the
    effectiveness of DNS as an amplifier for reflected denial-of-service
    attacks by rate-limiting substantially-identical responses. [RT

 Feature Changes

    rndc status now also shows the build-id. [RT #20422]

Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/4558>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
