flushset: out of memory

Farid Hamjavar hamjavar at unm.edu
Fri Nov 10 21:38:12 UTC 2000 


Greetings,

AIX 4.3.3
BIND 8.2.2-p5


Do you folks think this is due to security hole
in 8.2.2-p5  which is fixed in 8.2.2-p7 ?



% egrep -i flush /var/log/messages
Nov 10 12:58:39 ariel named[4644]: flushset: out of memory
Nov 10 12:58:39 ariel named[4644]: flushset: out of memory


Thanks,
Farid


---------- Forwarded message ----------
Date: Thu, 09 Nov 2000 19:39:01 -0800
From: Paul A Vixie <vixie at mfnx.net>
To: bind-announce at isc.org
Subject: BIND 8.2.2-P7 release announcement

-----BEGIN PGP SIGNED MESSAGE-----

This is BIND 8.2.2-P7, a maintainance release addressing some defects in
BIND 8.2.2-P5.  It includes the mostly-unreleased BIND 8.2.2-P6 as well.

Some highlights vs. BIND 8.2.2-P5:

	Fixes "ZXFR" denial of service attack
	Fixes "division by 0" denial of service attack
	Fix various other random problems
	Add *no* new functionality

Distribution files are:

ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-src.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-doc.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-contrib.tar.gz

PGP signature files are:

ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-src.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-doc.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-contrib.tar.gz.asc

MD5 checksums are:

MD5 (bind-contrib.tar.gz) = 51420e28ab025b3a28e4488e1318d299
MD5 (bind-contrib.tar.gz.asc) = a55b10d415628bfa0d5a31deefb26900
MD5 (bind-doc.tar.gz) = 6f26254fdd43e3d4b8b42062bb9766db
MD5 (bind-doc.tar.gz.asc) = c3879bce186ff60710edcb3cddc2a444
MD5 (bind-src.tar.gz) = 832669455e70a4b58e635b6b02e87910
MD5 (bind-src.tar.gz.asc) = b4ae26fa5a3a552e2cb5ff03f2001d01

top of CHANGES says:

        --- 8.2.2-P7 released ---

1048.   [bug]           ns_ctl_install() was corrupting the server_controls
                        list.

1007.   [bug]           only set STREAM_AXFRIXFR if the original query is   
                        an IXFR.

 982.   [bug]           rollback the compression pointers array when a
                        RRset/RR does not fit.

 962.   [bug]           another almost-complete rewrite of IXFR from kjd (462)
                        [incorporate ZXFR DoS fix from #962]

        --- 8.2.2-P6 released ---

 903.   [bug]           divide by zero bug when querying for SIG records from
                        a secure zone.

 902.   [support]       don't attempt to set q_fzone if we won't be using it.

 901.   [support]       delay notify timer setting until all zones have been
                        loaded.

 900.   [port]          hpux10 fix call to bison; sco call bison consistenly.

 899.   [bug]           dynamically allocate buffer used to display RR rather
                        than uses a fixed sized one. grow as needed.

 898.   [bug]           if truncation caused no RR's to appear in the answer we
                        mis-classified the answer on a NODATA.

 897.   [support]       descriptors used by named should not be inherited by
                        named-xfer.

 896.   [contrib]       add contrib/adm/adm-nxt, an exploit for the NXT bug
                        in 8.2 and 8.2.1.  as before, we do not recommend its
                        use, and we do recommend that you run the latest BIND.

	--- 8.2.2-P5 released ---

 895.	[port]		minor NT build and documentation improvements.

 894.	[bug]		incorrect "key" statements in named.conf weren't
			handled properly.

	--- 8.2.2-P4 released ---

 893.	[bug]		DNSSEC logic in bin/host broke -t any

 892.	[bug]		multiple SOA on AXFR bug

        --- 8.2.2-P3 released ---

 891.   [bug]           options { also-notify { ... }; }; resulted in wrong
                        pointer being memput with the wrong size on reload.

 890.   [port]          A/UX portability improved.

 889.   [port]          added IPv6 portability for OpenBSD, NetBSD, FreeBSD.

        --- 8.2.2-P2 released (internal release) ---

 888.   [support]       add default: all tag to top src/Makefile so that "make"
                        will work properly in some OS'.

 887.   [bug]           "dig ... axfr" was printing spurious "TSIG ok" msgs.

 886.   [support]       top-level Makefile now included in all tarballs.

 885.   [support]       IXFR improvements.

 884.   [bug]           some deprecated NXT RR forms weren't ignored properly.

 883.   [support]       "host" command can now try to verify dnssec signatures.

 882.   [contrib]       dns_signer/ had some last minute problems (by author).

 881.   [bug]           possible sprintf() overflow prevented.

 880.   [support]       minor tweak to bin/dig/dig.c TSIG code to clarify
                        whether res_nsend or res_nsendsigned is being used.

 879.   [support]       add "noesw" target to top-level Makefile (for PL1).

 878.   [port]          aix4 HAS_INET6_STRUCTS was not being set based on the
                        existance of _IN6_ADDR_STRUCT.

 877.   [port]          freebsd + KAME need a different Makefile.set
                        see INSTALL notes.

 876.   [port]          IPv6 probe for MPE/IX, NetBSD.

 875.   [bug]           bad NAPTR RRs could be loaded from zone files.

 874.   [port]          update irix_patch in irix port.

 873.   [port]          add SRC/tools to sco's make [std]links.

	--- 8.2.2-REL released ---
...

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface

iQCVAwUBOgttf3cdkq6JcsfBAQGP0AQAtmrHU8c709cZnEG+TmKO4atAf1hsF7cB
WQYCJM6D8mRVoI0nv7954Cwj0JORTWzal1OU6lv7cDtMPqUrJOXbP8iqUMrSMhe0
HK6Mutc7/epkERxOG4xXjsUVTAcnowOQcuZ+8WrJU+y0LbUMN2O25k2KpVnPW7F6
FmbDuagRqfI=
=n5qY
-----END PGP SIGNATURE-----

More information about the bind-users mailing list