Commit 166a7500 authored by Evan Hunt's avatar Evan Hunt
Browse files

[master] add notes

parent c6b699b5
......@@ -39,14 +39,42 @@
<title>Security Fixes</title>
<itemizedlist>
<listitem>
<para>None</para>
<para>
A flaw in delegation handling could be exploited to put
<command>named</command> into an infinite loop, in which
each lookup of a name server triggered additional lookups
of more name servers. This has been addressed by placing
limits on the number of levels of recursion
<command>named</command> will allow (default 7), and
on the number of queries that it will send before
terminating a recursive query (default 50).
</para>
<para>
The recursion depth limit is configured via the
<option>max-recursion-depth</option> option, and the query limit
via the <option>max-recursion-queries</option> option.
</para>
<para>
The flaw was discovered by Florian Maury of ANSSI, and is
disclosed in CVE-2014-8500. [RT #37580]
</para>
</listitem>
<listitem>
<para>
Errors reported when running <command>rndc addzone</command>
(e.g., when a zone file cannot be loaded) have been clarified
to make it easier to diagnose problems.
</para>
<para>
Two separate problems were identified in BIND's GeoIP code that
could lead to an assertion failure. One was triggered by use of
both IPv4 and IPv6 address families, the other by referencing
a GeoIP database in <filename>named.conf</filename> which was
not installed. Both are covered by CVE-2014-8680. [RT #37672]
[RT #37679]
</para>
<para>
A less serious security flaw was also found in GeoIP: changes
to the <command>geoip-directory</command> option in
<filename>named.conf</filename> were ignored when running
<command>rndc reconfig</command>. In theory, this could allow
<command>named</command> to allow access to unintended clients.
</para>
</listitem>
</itemizedlist>
</sect2>
......@@ -283,6 +311,13 @@
truncated output.)
</para>
</listitem>
<listitem>
<para>
Errors reported when running <command>rndc addzone</command>
(e.g., when a zone file cannot be loaded) have been clarified
to make it easier to diagnose problems.
</para>
</listitem>
</itemizedlist>
</sect2>
<sect2 id="relnotes_bugs">
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment