Two BIND 9 Security Vulnerabilities Announced Today
ISC is releasing updated versions of BIND 9 to address two newly-discovered security vulnerabilities We have released new versions of BIND: 9.Read post
ISC BIND 9.8.1b3 is now available. BIND 9.8.1b3 is the third beta release of BIND 9.8.
This document summarizes changes from BIND 9.8.0 to BIND 9.8.1b3. Please see the CHANGES file in the source code release for a complete list of all changes.
The latest versions of BIND 9 software can always be found on our website at https://www.isc.org/download. There you will find additional information about each release, source code, and some pre-compiled versions for certain operating systems.
Support Product support information is available on https://www.isc.org/support.
Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo.
Added a new include file with function typedefs for the DLZ “dlopen” driver. [RT #23629]
Added a tool able to generate malformed packets to allow testing of how named handles them. [RT #24096]
namedis configured with a response policy zone (RPZ) and a query of type RRSIG is received for a name configured for RRset replacement in that RPZ, it will trigger an INSIST and crash the server. RRSIG. [RT #24280]
named, set up to be a caching resolver, is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache the response. Due to an off-by-one error, caching the response could cause
namedto crash. [RT #24650] [CVE-2011-1910]
namedto crash. Fix is query-type independent. [RT #24715]
namedto crash. Now logs that DNAME is not supported. [RT #24766]
named. With this fix, change 2912 has been reduced to copy only the zone section to the reply. A more complete fix for the latent bug will be released later. [RT #24777]
Improved the startup time for an authoritative server with a large number of zones by making the zone task table of variable size rather than fixed size. This means that authoritative servers with lots of zones will be serving that zone data much sooner. [RT #24406]
Merged in the NetBSD ATF test framework (currently version 0.12) for development of future unit tests. Use configure –with-atf to build ATF internally or configure –with-atf=prefix to use an external copy. [RT #23209]
Added more verbose error reporting from DLZ LDAP. [RT #23402]
The DLZ “dlopen” driver is now built by default, no longer requiring a configure option. To disable it, use “configure–without-dlopen”. (Note: driver not supported on win32.) [RT#23467]
Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
Make –with-gssapi default for ./configure. [RT #23738]
Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at https://www.isc.org/donate.
What's New from ISC