Commit 6cf0a452 authored by Evan Hunt's avatar Evan Hunt
Browse files

Merge branch '185-fix-changes-entry-v9_12' into v9_12

parents 6b5853dd af047f39
Pipeline #1794 passed with stages
in 6 minutes and 32 seconds
......@@ -19,7 +19,9 @@
4935. [func] Add support for LibreSSL >= 2.7.0 (some OpenSSL 1.1.0
call were added). [GL #191]
 
4934. [security] Simultaneous use of stale cache records and NSEC
4934. [security] The serve-stale feature could cause an assertion failure
in rbtdb.c even when stale-answer-enable was false.
Simultaneous use of stale cache records and NSEC
aggressive negative caching could trigger a recursion
loop. (CVE-2018-5737) [GL #185]
 
......
......@@ -42,11 +42,27 @@
<itemizedlist>
<listitem>
<para>
update-policy rules that otherwise ignore the name field now
require that it be set to "." to ensure that any type list
present is properly interpreted. Previously, if the name field
was omitted from the rule declaration but a type list was
present, it wouldn't be interpreted as expected.
The serve-stale feature could cause an assertion failure in
rbtdb.c even when stale-answer-enable was false. The
simultaneous use of stale cache records and NSEC aggressive
negative caching could trigger a recursion loop in the
<command>named</command> process. (CVE-2018-5737) [GL #185]
</para>
</listitem>
<listitem>
<para>
A bug in zone database reference counting could lead to a crash
when multiple versions of a slave zone were transferred from a
master in close succession. (CVE-2018-5736) [GL #134]
</para>
</listitem>
<listitem>
<para>
<command>update-policy</command> rules that otherwise ignore the
name field now require that it be set to "." to ensure that any
type list present is properly interpreted. Previously, if the
name field was omitted from the rule declaration but a type list
was present, it wouldn't be interpreted as expected.
</para>
</listitem>
</itemizedlist>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment