From 0af284b18b195c797b51208d623c3cedbb5bb2bd Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 20 Nov 2014 13:17:47 -0800 Subject: [PATCH] [v9_10] add notes --- doc/arm/notes.xml | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 6362e0b4cc..ffacb19f6a 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -39,7 +39,42 @@ Security Fixes - None + + A flaw in delegation handling could be exploited to put + named into an infinite loop, in which + each lookup of a name server triggered additional lookups + of more name servers. This has been addressed by placing + limits on the number of levels of recursion + named will allow (default 7), and + on the number of queries that it will send before + terminating a recursive query (default 50). + + + The recursion depth limit is configured via the + option, and the query limit + via the option. + + + The flaw was discovered by Florian Maury of ANSSI, and is + disclosed in CVE-2014-8500. [RT #37580] + + + + + Two separate problems were identified in BIND's GeoIP code that + could lead to an assertion failure. One was triggered by use of + both IPv4 and IPv6 address families, the other by referencing + a GeoIP database in named.conf which was + not installed. Both are covered by CVE-2014-8680. [RT #37672] + [RT #37679] + + + A less serious security flaw was also found in GeoIP: changes + to the geoip-directory option in + named.conf were ignored when running + rndc reconfig. In theory, this could allow + named to allow access to unintended clients. +