flushset: out of memory
Farid Hamjavar
hamjavar at unm.edu
Fri Nov 10 21:38:12 UTC 2000
Greetings,
AIX 4.3.3
BIND 8.2.2-p5
Do you folks think this is due to security hole
in 8.2.2-p5 which is fixed in 8.2.2-p7 ?
% egrep -i flush /var/log/messages
Nov 10 12:58:39 ariel named[4644]: flushset: out of memory
Nov 10 12:58:39 ariel named[4644]: flushset: out of memory
Thanks,
Farid
---------- Forwarded message ----------
Date: Thu, 09 Nov 2000 19:39:01 -0800
From: Paul A Vixie <vixie at mfnx.net>
To: bind-announce at isc.org
Subject: BIND 8.2.2-P7 release announcement
-----BEGIN PGP SIGNED MESSAGE-----
This is BIND 8.2.2-P7, a maintainance release addressing some defects in
BIND 8.2.2-P5. It includes the mostly-unreleased BIND 8.2.2-P6 as well.
Some highlights vs. BIND 8.2.2-P5:
Fixes "ZXFR" denial of service attack
Fixes "division by 0" denial of service attack
Fix various other random problems
Add *no* new functionality
Distribution files are:
ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-src.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-doc.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-contrib.tar.gz
PGP signature files are:
ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-src.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-doc.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-contrib.tar.gz.asc
MD5 checksums are:
MD5 (bind-contrib.tar.gz) = 51420e28ab025b3a28e4488e1318d299
MD5 (bind-contrib.tar.gz.asc) = a55b10d415628bfa0d5a31deefb26900
MD5 (bind-doc.tar.gz) = 6f26254fdd43e3d4b8b42062bb9766db
MD5 (bind-doc.tar.gz.asc) = c3879bce186ff60710edcb3cddc2a444
MD5 (bind-src.tar.gz) = 832669455e70a4b58e635b6b02e87910
MD5 (bind-src.tar.gz.asc) = b4ae26fa5a3a552e2cb5ff03f2001d01
top of CHANGES says:
--- 8.2.2-P7 released ---
1048. [bug] ns_ctl_install() was corrupting the server_controls
list.
1007. [bug] only set STREAM_AXFRIXFR if the original query is
an IXFR.
982. [bug] rollback the compression pointers array when a
RRset/RR does not fit.
962. [bug] another almost-complete rewrite of IXFR from kjd (462)
[incorporate ZXFR DoS fix from #962]
--- 8.2.2-P6 released ---
903. [bug] divide by zero bug when querying for SIG records from
a secure zone.
902. [support] don't attempt to set q_fzone if we won't be using it.
901. [support] delay notify timer setting until all zones have been
loaded.
900. [port] hpux10 fix call to bison; sco call bison consistenly.
899. [bug] dynamically allocate buffer used to display RR rather
than uses a fixed sized one. grow as needed.
898. [bug] if truncation caused no RR's to appear in the answer we
mis-classified the answer on a NODATA.
897. [support] descriptors used by named should not be inherited by
named-xfer.
896. [contrib] add contrib/adm/adm-nxt, an exploit for the NXT bug
in 8.2 and 8.2.1. as before, we do not recommend its
use, and we do recommend that you run the latest BIND.
--- 8.2.2-P5 released ---
895. [port] minor NT build and documentation improvements.
894. [bug] incorrect "key" statements in named.conf weren't
handled properly.
--- 8.2.2-P4 released ---
893. [bug] DNSSEC logic in bin/host broke -t any
892. [bug] multiple SOA on AXFR bug
--- 8.2.2-P3 released ---
891. [bug] options { also-notify { ... }; }; resulted in wrong
pointer being memput with the wrong size on reload.
890. [port] A/UX portability improved.
889. [port] added IPv6 portability for OpenBSD, NetBSD, FreeBSD.
--- 8.2.2-P2 released (internal release) ---
888. [support] add default: all tag to top src/Makefile so that "make"
will work properly in some OS'.
887. [bug] "dig ... axfr" was printing spurious "TSIG ok" msgs.
886. [support] top-level Makefile now included in all tarballs.
885. [support] IXFR improvements.
884. [bug] some deprecated NXT RR forms weren't ignored properly.
883. [support] "host" command can now try to verify dnssec signatures.
882. [contrib] dns_signer/ had some last minute problems (by author).
881. [bug] possible sprintf() overflow prevented.
880. [support] minor tweak to bin/dig/dig.c TSIG code to clarify
whether res_nsend or res_nsendsigned is being used.
879. [support] add "noesw" target to top-level Makefile (for PL1).
878. [port] aix4 HAS_INET6_STRUCTS was not being set based on the
existance of _IN6_ADDR_STRUCT.
877. [port] freebsd + KAME need a different Makefile.set
see INSTALL notes.
876. [port] IPv6 probe for MPE/IX, NetBSD.
875. [bug] bad NAPTR RRs could be loaded from zone files.
874. [port] update irix_patch in irix port.
873. [port] add SRC/tools to sco's make [std]links.
--- 8.2.2-REL released ---
...
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface
iQCVAwUBOgttf3cdkq6JcsfBAQGP0AQAtmrHU8c709cZnEG+TmKO4atAf1hsF7cB
WQYCJM6D8mRVoI0nv7954Cwj0JORTWzal1OU6lv7cDtMPqUrJOXbP8iqUMrSMhe0
HK6Mutc7/epkERxOG4xXjsUVTAcnowOQcuZ+8WrJU+y0LbUMN2O25k2KpVnPW7F6
FmbDuagRqfI=
=n5qY
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list