: Log in!

メインメニュー
Google


ウェブ 検索
サイト内検索
トップ  >  Linux16歩  >  2016-04-30 bindのupdate
20160430 bind-9.10.4にupdateしました


Release Notes for BIND Version 9.10.4

Security Fixes

 * Duplicate EDNS COOKIE options in a response could trigger an
   assertion failure. This flaw is disclosed in CVE-2016-2088. [RT
   #41809]
 * The resolver could abort with an assertion failure due to improper
   DNAME handling when parsing fetch reply messages. This flaw is
   disclosed in CVE-2016-1286. [RT #41753]
 * Malformed control messages can trigger assertions in named and
   rndc. This flaw is disclosed in CVE-2016-1285. [RT #41666]
 * Certain errors that could be encountered when printing out or
   logging an OPT record containing a CLIENT-SUBNET option could be
   mishandled, resulting in an assertion failure. This flaw is
   disclosed in CVE-2015-8705. [RT #41397]
 * Specific APL data could trigger an INSIST. This flaw is disclosed
   in CVE-2015-8704. [RT #41396]
 * Incorrect reference counting could result in an INSIST failure if a
   socket error occurred while performing a lookup. This flaw is
   disclosed in CVE-2015-8461. [RT#40945]
 * Insufficient testing when parsing a message allowed records with an
   incorrect class to be be accepted, triggering a REQUIRE failure
   when those records were subsequently cached. This flaw is disclosed
   in CVE-2015-8000. [RT #40987]

New Features

 * The following resource record types have been implemented: AVC,
   CSYNC, NINFO, RKEY, SINK, SMIMEA, TA, TALINK.
 * Added a warning for a common misconfiguration involving forwarded
   RFC 1918 and IPv6 ULA (Universal Local Address) zones.
 * Contributed software from Nominum is included in the source at
   contrib/dnsperf-2.1.0.0-1/. It includes dnsperf for measuring the
   performance of authoritative DNS servers, resperf for testing the
   resolution performance of a caching DNS server, resperf-report for
   generating a resperf report in HTML with gnuplot graphs, and
   queryparse to extract DNS queries from pcap capture files. This
   software is not installed by default with BIND.
 * When loading a signed zone, named will now check whether an RRSIG's
   inception time is in the future, and if so, it will regenerate the
   RRSIG immediately. This helps when a system's clock needs to be
   reset backwards.

Feature Changes

 * Updated the compiled-in addresses for H.ROOT-SERVERS.NET and
   L.ROOT-SERVERS.NET.
 * The default preferred glue is now the address type of the transport
   the query was received over.
 * On machines with 2 or more processors (CPU), the default value for
   the number of UDP listeners has been changed to the number of
   detected processors minus one.
 * Zone transfers now use smaller message sizes to improve message
   compression. This results in reduced network usage.
 * named -V output now also includes operating system details.

・詳細は、bindサイト(ftp.isc.org/isc/bind9/9.10.4/)
・RELEASE-NOTES-BIND-9.10.4.txt を参照してください
投票数:10 平均点:2.00
前
2016-04-30 phpのupdate
カテゴリートップ
Linux16歩
次
2016-05-04 opensslのupdate