"Fossies" - the Fresh Open Source Software Archive

Member "bind-9.11.23/doc/arm/notes-9.11.2.xml" (7 Sep 2020, 4229 Bytes) of package /linux/misc/dns/bind9/9.11.23/bind-9.11.23.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) XML source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 <!--
    2  - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
    3  -
    4  - This Source Code Form is subject to the terms of the Mozilla Public
    5  - License, v. 2.0. If a copy of the MPL was not distributed with this
    6  - file, You can obtain one at http://mozilla.org/MPL/2.0/.
    7  -
    8  - See the COPYRIGHT file distributed with this work for additional
    9  - information regarding copyright ownership.
   10 -->
   11 
   12 <section xml:id="relnotes-9.11.2"><info><title>Notes for BIND 9.11.2</title></info>
   13 
   14   <section xml:id="relnotes-9.11.2-security"><info><title>Security Fixes</title></info>
   15     <itemizedlist>
   16       <listitem>
   17         <para>
   18           An error in TSIG handling could permit unauthorized zone
   19           transfers or zone updates. These flaws are disclosed in
   20           CVE-2017-3142 and CVE-2017-3143. [RT #45383]
   21         </para>
   22       </listitem>
   23       <listitem>
   24         <para>
   25           The BIND installer on Windows used an unquoted service path,
   26           which can enable privilege escalation. This flaw is disclosed
   27           in CVE-2017-3141. [RT #45229]
   28         </para>
   29       </listitem>
   30       <listitem>
   31         <para>
   32           With certain RPZ configurations, a response with TTL 0
   33           could cause <command>named</command> to go into an infinite
   34           query loop. This flaw is disclosed in CVE-2017-3140.
   35           [RT #45181]
   36         </para>
   37       </listitem>
   38     </itemizedlist>
   39   </section>
   40 
   41   <section xml:id="relnotes-9.11.2-changes"><info><title>Feature Changes</title></info>
   42     <itemizedlist>
   43       <listitem>
   44         <para>
   45           <command>dig +ednsopt</command> now accepts the names
   46           for EDNS options in addition to numeric values. For example,
   47           an EDNS Client-Subnet option could be sent using
   48           <command>dig +ednsopt=ecs:...</command>. Thanks to
   49           John Worley of Secure64 for the contribution. [RT #44461]
   50         </para>
   51       </listitem>
   52       <listitem>
   53         <para>
   54           Threads in <command>named</command> are now set to human-readable
   55           names to assist debugging on operating systems that support that.
   56           Threads will have names such as "isc-timer", "isc-sockmgr",
   57           "isc-worker0001", and so on. This will affect the reporting of
   58           subsidiary thread names in <command>ps</command> and
   59           <command>top</command>, but not the main thread. [RT #43234]
   60         </para>
   61       </listitem>
   62       <listitem>
   63         <para>
   64           DiG now warns about .local queries which are reserved for
   65           Multicast DNS. [RT #44783]
   66         </para>
   67       </listitem>
   68     </itemizedlist>
   69   </section>
   70 
   71   <section xml:id="relnotes-9.11.2-bugs"><info><title>Bug Fixes</title></info>
   72     <itemizedlist>
   73       <listitem>
   74         <para>
   75           Fixed a bug that was introduced in an earlier development
   76           release which caused multi-packet AXFR and IXFR messages to fail
   77           validation if not all packets contained TSIG records; this
   78           caused interoperability problems with some other DNS
   79           implementations. [RT #45509]
   80         </para>
   81       </listitem>
   82       <listitem>
   83         <para>
   84           Reloading or reconfiguring <command>named</command> could
   85           fail on some platforms when LMDB was in use. [RT #45203]
   86         </para>
   87       </listitem>
   88       <listitem>
   89         <para>
   90           Due to some incorrectly deleted code, when BIND was
   91           built with LMDB, zones that were deleted via
   92           <command>rndc delzone</command> were removed from the
   93           running server but were not removed from the new zone
   94           database, so that deletion did not persist after a
   95           server restart. This has been corrected. [RT #45185]
   96         </para>
   97       </listitem>
   98       <listitem>
   99         <para>
  100           Semicolons are no longer escaped when printing CAA and
  101           URI records.  This may break applications that depend on the
  102           presence of the backslash before the semicolon. [RT #45216]
  103         </para>
  104       </listitem>
  105       <listitem>
  106         <para>
  107           AD could be set on truncated answer with no records present
  108           in the answer and authority sections. [RT #45140]
  109         </para>
  110       </listitem>
  111     </itemizedlist>
  112   </section>
  113 
  114 </section>