Browse Source

bind: Update to bind-9.10.5

This change includes fixes for several security issues:

  * CVE-2017-3138: rndc "" could trigger an assertion failure in named.
  * CVE-2017-3137: Some chaining (i.e., type CNAME or DNAME) responses to
    upstream queries could trigger assertion failures.
  * CVE-2017-3136: dns64 with break-dnssec yes; can result in an assertion
    failure.
  * CVE-2017-3135: If a server is configured with a response policy zone
    (RPZ) that rewrites an answer with local data, and is also configured
    for DNS64 address mapping, a NULL pointer can be read triggering a
    server crash.
  * CVE-2016-9444: named could mishandle authority sections with missing
    RRSIGs, triggering an assertion failure.
  * CVE-2016-9131: named mishandled some responses where covering RRSIG
    records were returned without the requested data, resulting in an
    assertion failure.
  * CVE-2016-9131: named incorrectly tried to cache TKEY records which could
    trigger an assertion failure when there was a class mismatch.
  * CVE-2016-8864: It was possible to trigger assertions when processing
    responses containing answers of type DNAME.
  * CVE-2016-6170: Added the ability to specify the maximum number of
    records permitted in a zone (max-records #;). This provides a mechanism
    to block overly large zone transfers, which is a potential risk with
    slave zones from other parties.
  * CVE-2016-2776: It was possible to trigger an assertion when rendering a
    message using a specially crafted request.
  * CVE-2016-2775: Calling getrrsetbyname() with a non absolute name could
    trigger an infinite recursion bug in lwresd or named with lwres
    configured if, when combined with a search list entry from resolv.conf,
    the resulting name is too long.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
lilik-openwrt-22.03
Noah Meyerhans 8 years ago
parent
commit
588284218a
1 changed files with 2 additions and 2 deletions
  1. +2
    -2
      net/bind/Makefile

+ 2
- 2
net/bind/Makefile View File

@ -9,7 +9,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=bind PKG_NAME:=bind
PKG_VERSION:=9.10.4-P5
PKG_VERSION:=9.10.5
PKG_RELEASE:=1 PKG_RELEASE:=1
USERID:=bind=57:bind=57 USERID:=bind=57:bind=57
@ -20,7 +20,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \ PKG_SOURCE_URL:= \
ftp://ftp.isc.org/isc/bind9/$(PKG_VERSION) \ ftp://ftp.isc.org/isc/bind9/$(PKG_VERSION) \
http://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) http://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION)
PKG_MD5SUM:=c53a3e34e7aabb16820b036ae9afd3c9
PKG_MD5SUM:=8359e000eaec76efd6dfa186c12c3b93
PKG_FIXUP:=autoreconf PKG_FIXUP:=autoreconf
PKG_REMOVE_FILES:=aclocal.m4 libtool.m4 PKG_REMOVE_FILES:=aclocal.m4 libtool.m4


Loading…
Cancel
Save