20150301 Updated to bind-9.10.2

Release Note

Security Fixes

* On servers configured to perform DNSSEC validation using managed
  trust anchors (i.e., keys configured explicitly via managed-keys,
  or implicitly via dnssec-validation auto; or dnssec-lookaside
  auto;), revoking a trust anchor and sending a new untrusted
  replacement could cause named to crash with an assertion failure.
  This could occur in the event of a botched key rollover, or
  potentially as a result of a deliberate attack if the attacker was
  in position to monitor the victim's DNS traffic.
  This flaw was discovered by Jan-Piet Mens, and is disclosed in
  CVE-2015-1349. [RT #38344]
* A flaw in delegation handling could be exploited to put named into
  an infinite loop, in which each lookup of a name server triggered
  additional lookups of more name servers. This has been addressed by
  placing limits on the number of levels of recursion named will
  allow (default 7), and on the number of queries that it will send
  before terminating a recursive query (default 50).
  The recursion depth limit is configured via the max-recursion-depth
  option, and the query limit via the max-recursion-queries option.
  The flaw was discovered by Florian Maury of ANSSI, and is disclosed
  in CVE-2014-8500. [RT #37580]
* Two separate problems were identified in BIND's GeoIP code that
  could lead to an assertion failure. One was triggered by use of
  both IPv4 and IPv6 address families, the other by referencing a
  GeoIP database in named.conf which was not installed. Both are
  covered by CVE-2014-8680. [RT #37672] [RT #37679]
  A less serious security flaw was also found in GeoIP: changes to
  the geoip-directory option in named.conf were ignored when running
  rndc reconfig. In theory, this could allow named to allow access to
  unintended clients.

・Please refer to RELEASE-NOTES-BIND-9.10.2.txt
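
The following is an added example, not part of the original page or of ISC's release notes: a small Python check that scans a named.conf for the settings these security fixes mention, so an operator can see which items apply to a given server. The sample configuration, the function names and the simplified comment stripping are assumptions made for the illustration.

```python
import re

# Constructed sample named.conf for the demo (not from the page).
SAMPLE_CONF = """
options {
    directory "/var/named";
    dnssec-validation auto;      // built-in managed trust anchor
    max-recursion-depth 20;      # raised above the default of 7
    geoip-directory "/usr/share/GeoIP";
};
acl "local-only" { geoip country JP; };
"""

# Defaults stated in the release note for the CVE-2014-8500 fix.
DEFAULTS = {"max-recursion-depth": 7, "max-recursion-queries": 50}

def strip_comments(text):
    """Drop /* */, // and # comments (simplified: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit(conf_text):
    """Return (reference, note) pairs for settings the release note mentions."""
    conf = strip_comments(conf_text)
    findings = []
    # Managed trust anchors: explicit managed-keys, or the two "auto" forms.
    if re.search(r"\bmanaged-keys\s*\{|\bdnssec-(validation|lookaside)\s+auto\s*;", conf):
        findings.append(("CVE-2015-1349", "managed trust anchors in use"))
    # Recursion limits: an absent option means the default applies.
    for opt, default in DEFAULTS.items():
        m = re.search(rf"\b{opt}\s+(\d+)\s*;", conf)
        if m and int(m.group(1)) > default:
            findings.append(("CVE-2014-8500", f"{opt} {m.group(1)} exceeds default {default}"))
    # GeoIP: ACL elements reference databases that must be installed.
    if re.search(r"\bgeoip\s+\w", conf):
        findings.append(("CVE-2014-8680", "geoip ACL in use; referenced database must be installed"))
    if re.search(r"\bgeoip-directory\s", conf):
        findings.append(("geoip-directory", "changes were ignored by rndc reconfig before the fix"))
    return findings

if __name__ == "__main__":
    for ref, note in audit(SAMPLE_CONF):
        print(f"{ref}: {note}")
```
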
