Commit Graph
122 Commits
Author SHA1 Message Date
Evan Hunt a3f30d1aac [v9_9] address TSIG bypass/forgery vulnerabilities
4643.	[security]	An error in TSIG handling could permit unauthorized
			zone transfers or zone updates. (CVE-2017-3142)
			(CVE-2017-3143) [RT #45383]

(cherry picked from commit 581c1526ab)
(cherry picked from commit a03f4b1ea4)
2017-06-27 11:41:31 -07:00
Evan Hunt ef0f8427a2 [v9_9] quote service registry paths
4532.	[security]	The BIND installer on Windows used an unquoted
                        service path, which can enable privilege escalation.
			(CVE-2017-3141) [RT #45229]

(cherry picked from commit 967a3b9419)
(cherry picked from commit c28e44f3f8)
2017-05-30 13:39:28 -07:00
Evan Hunt 10f80ef83a [v9_9] fix rpz formerr loop
4531.	[security]	Some RPZ configurations could go into an infinite
			query loop when encountering responses with TTL=0.
			(CVE-2017-3140) [RT #45181]

(cherry picked from commit 3440cf9c60)
(cherry picked from commit a57b289ed0)
2017-05-30 12:43:57 -07:00
Mark Andrews c3a2924e00 add warning about semicolon no longer being escaped
(cherry picked from commit d4d73bca79)
2017-05-11 11:03:18 +10:00
Evan Hunt 9ad188ccaf [v9_9] give threads unique names to assist debugging
4602.	[func]		Threads are now set to human-readable
			names to assist debugging, when supported by
			the OS. [RT #43234]

(cherry picked from commit d26ae7fc08)
(cherry picked from commit 8b9c4592ed)
2017-04-21 14:00:54 -07:00
Evan Hunt dc0a308b9a [v9_9] clear out relnotes 2017-04-21 13:39:29 -07:00
Evan Hunt 78354abccc [v9_9] update EOL date 2017-04-20 11:26:10 -07:00
Evan Hunt 835485d6a7 [v9_9] formatting
(cherry picked from commit 52e398c0af)
2017-04-12 14:06:18 -07:00
Mark Andrews 91adc7a4da add CVE-2017-3138
(cherry picked from commit fe1ad70e51)
2017-03-30 02:57:16 +11:00
Evan Hunt fcf1874867 [v9_9] remove unnecessary INSIST and prep 9.11.1rc2
4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
			queries could trigger assertion failures.
			(CVE-2017-3137) [RT #44734]

(cherry picked from commit a1365a0042)
(cherry picked from commit 559cbe04e7)
2017-02-23 15:26:55 -08:00
Mark Andrews 52e42f648b add CVE-2017-3136 note
(cherry picked from commit d77eadc261)
2017-02-15 12:45:20 +11:00
Evan Hunt 02f0aa2ed3 [v9_9] doc style 2017-02-07 08:19:39 -08:00
Evan Hunt 0220addcca [v9_9] removed extra note about bind.keys update 2017-02-06 14:19:39 -08:00
Evan Hunt 3b1b532d66 [v9_9] release note about new root key 2017-02-04 22:16:06 -08:00
Mark Andrews 07f8c99017 new root KSK 2017-02-02 18:30:20 +11:00
Evan Hunt a6bae6d52c [v9_9] change 4558 was incomplete
(cherry picked from commit cd668ea57f)
2017-01-30 14:11:30 -08:00
Evan Hunt 4474e3aca7 [v9_9] expand relnote
(cherry picked from commit afa0ff0cbb)
2017-01-23 20:05:13 -08:00
Mark Andrews 4b843e0cc8 4556. [security] Combining dns64 and rpz can result in dereferencing
a NULL pointer (read).  (CVE-2017-3135) [RT#44434]

(cherry picked from commit 5abe80ef13)
2017-01-24 09:56:20 +11:00
Tinderbox User 0ed649b6e5 update copyright notice / whitespace 2017-01-12 23:48:25 +00:00
Mark Andrews ab9537f521 4553. [bug] Named could deadlock there were multiple changes to
NSEC/NSEC3 parameters for a zone being processed at
                        the same time. [RT #42770]

(cherry picked from commit d2e1b47d4f)
2017-01-12 14:26:17 +11:00
Mark Andrews 72a50181d2 4552. [bug] Named could trigger a assertion when sending notify
messages. [RT #44019]

(cherry picked from commit 42924b40af)
2017-01-12 14:20:18 +11:00
Evan Hunt 4e8f6de3dd [v9_9] release notes 2016-12-28 20:10:52 -08:00
Mark Andrews d372472f60 4508. [security] Named incorrectly tried to cache TKEY records which
could trigger a assertion failure when there was
                            a class mismatch. (CVE-2016-9131) [RT #43522]

(cherry picked from commit 2c1c4b99a1)
2016-12-29 11:35:54 +11:00
Evan Hunt 81a5785611 [v9_9] release notes 2016-12-28 13:54:44 -08:00
Mark Andrews 3cf6fa831e 4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831]
(cherry picked from commit 1b8ce3b330)
2016-12-07 11:00:40 +11:00
Mark Andrews 51fe40fd59 4504. [security] Allow the maximum number of records in a zone to
be specified.  This provides a control for issues
                        raised in CVE-2016-6170. [RT #42143]

(cherry picked from commit 5f8412a4cb)
2016-11-03 10:46:37 +11:00
Mark Andrews fa1f25ce83 add CVE-2016-2776 2016-09-09 11:53:18 +10:00
Mark Andrews 00e7b6dcca grammar
(cherry picked from commit 8f7881684b)
2016-07-14 09:43:04 +10:00
Mark Andrews e0f5ce3bad add [RT #42694] 2016-07-13 11:36:13 +10:00
Mark Andrews eca42d74ef whitespace 2016-07-13 11:25:32 +10:00
Mark Andrews d05f0b2479 add CVE-2016-2775 2016-07-12 01:19:20 +10:00
Mark Andrews 8491339284 add note for rt42694
(cherry picked from commit aacf0753e9)
2016-07-07 13:55:57 +10:00
Evan Hunt 08da9c0bc0 [v9_9] spelling 2016-05-25 18:45:49 -07:00
Evan Hunt 767c85f45a [v9_9] extend release notes 2016-05-25 18:43:56 -07:00
Evan Hunt d5ebc757a6 [v9_9] log message when using ISC DLV
4352.	[cleanup]	The ISC DNSSEC Lookaside Validation (DLV) service
			is scheduled to be disabled in 2017.  A warning is
			now logged when named is configured to use it,
			either explicitly or via "dnssec-lookaside auto;"
			[RT #42207]
2016-05-04 14:40:17 -07:00
Tinderbox User 046e66c891 update copyright notice / whitespace 2016-03-30 23:45:53 +00:00
Jeremy C. Reed a2f067c7b5 [v9_9] some release notes updates
mention that the document summarizes "significant" changes
since obviously it misses a lot.
Also refer to the CHANGES file.

Added a few bugs. Wording some discussed via email, phone call, and jabber.
2016-03-30 13:36:55 -04:00
Evan Hunt 7d5c94236b [v9_9] more release note corrections 2016-03-24 16:40:54 -07:00
Evan Hunt 7e76a21929 [v9_9] fixes for release notes 2016-03-24 14:43:05 -07:00
Mark Andrews ef0a86dfad note rrsig regeneration
(cherry picked from commit 98c5690bd9)
2016-03-11 12:28:11 +11:00
Jeremy C. Reed 4943482c81 minor updates and a typo fix
mention SMIMEA, new contrib, and named -V
2016-03-08 08:52:45 -05:00
Mark Andrews c85aaaaf17 9.9.9b1 2016-03-08 16:14:23 +11:00
Mark Andrews cb3e40e655 add AVC 2016-03-04 18:17:39 +11:00
Evan Hunt b5957e6c2d [v9_9] recursively clean empty interior nodes when deleting database records
4324.	[bug]		When deleting records from a zone database, interior
			nodes could be left empty but not deleted, damaging
			search performance afterward. [RT #40997]

(cherry picked from commit 44c86318ed)
(cherry picked from commit db06cd726c)
2016-03-03 21:19:59 -08:00
Mark Andrews 885b3a09f2 re-order security list into reverse order 2016-02-29 12:47:03 +11:00
Mukund Sivaraman 76c3c9fe9f Fix resolver assertion failure due to improper DNAME handling (CVE-2016-1286) (#41753)
(cherry picked from commit 5995fec51c)
(cherry picked from commit 456e1eadd2)
2016-02-22 12:25:46 +05:30
Mark Andrews 31e4657cf2 4318. [security] Malformed control messages can trigger assertions
in named and rndc. (CVE-2016-1285) [RT #41666]

(cherry picked from commit a2b15b3305)
2016-02-18 12:18:00 +11:00
Evan Hunt b23d9e68e9 [v9_9] remove reporter's name per his request 2016-01-29 10:36:17 -08:00
Evan Hunt e1997cc26e [v9_9] update EOL date 2016-01-27 12:08:08 -08:00
Evan Hunt 75214d0c59 [v9_9] fix use after free on xfr timeout
4289.	[bug]		The server could crash due to memory being used
			after it was freed if a zone transfer timed out.
			[RT #41297]
2016-01-04 22:06:35 -08:00