SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for bind-utils-9.7.3P3-0.5.1.i586.rpm :
Tue Nov 22 13:00:00 2011 mkubecekAATTsuse.cz
- backported fix for CVE-2011-4313 (bnc#730995)
Remotely exploitable DoS using specially crafted query.
bind-9.7.3-CVE-2011-4313.patch

Wed Jul 6 14:00:00 2011 mkubecekAATTsuse.cz
- updated to 9.7.3-P3
- Remote packet denial of dervice against authoritative and
recursive servers (bnc#703907, CVE-2011-2464)
- Use an rdataset attribute flag to indicate negative-cache records
rather than using rrtype 0; this will prevent problems when that
rrtype is used in actual DNS packets
- updated named.root file (2011060800, AAAA record for d.root-servers.net)

Tue May 31 14:00:00 2011 meissnerAATTsuse.de
- updated to 9.7.3-P1 to fix RRSIG denial of service (CVE-2011-1910 / bnc#696585)
- updated named.root file

Tue May 31 14:00:00 2011 meissnerAATTsuse.de
- updated named.root file

Thu Feb 24 13:00:00 2011 ugAATTsuse.de
- fixed VUL-0: bind: IXFR or DDNS update combined with
high query rate DoS vulnerability
bnc#674431, CVE-2011-0414
- version from 9.7.1-p2 to 9.7.3
see CHANGES for details

Mon Dec 6 13:00:00 2010 ugAATTsuse.de
- fixed VUL-0: bind: Key algorithm rollover bug
bnc#657102, CVE-2010-3614
- fixed VUL-0: bind: cache incorrectly allows a ncache entry and a rrsig for the same type
bnc#657129, CVE-2010-3613
- fixed return code of \"rcnamed status\"

Tue Oct 12 14:00:00 2010 ugAATTsuse.de
- when a recursive validating server has a trust anchor
that is configured statically or via DNSSEC Lookaside
Validation (DLV), allows remote attackers to cause a
denial of service (infinite loop) via a query for
an RRSIG record whose answer is not in the cache, which causes BIND to
repeatedly send RRSIG queries to the authoritative servers.
(bnc#644907)
VUL-0: bind: DNSSEC denial of service via a recursive validating server
- Temporarily and partially disable change 2864
because it would cause inifinite attempts of RRSIG
queries. This is an urgent care fix; we\'ll
revisit the issue and complete the fix later.
[RT #21710]
- Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]

Mon Jul 26 14:00:00 2010 ugAATTsuse.de
- chrooted bind failed to start (bnc#625019)

Mon Jun 21 14:00:00 2010 ugAATTsuse.de
- genrandom: add support for the generation of multiple
files.
- Update empty-zones list to match
draft-ietf-dnsop-default-local-zones-13.
- Incrementally write the master file after performing
a AXFR.
- Add AAAA address for L.ROOT-SERVERS.NET.
- around 50 bugs fixed (see CHANGELOG for details)
- version 9.7.1

Thu May 20 14:00:00 2010 ugAATTsuse.de
- Handle broken DNSSEC trust chains better. [RT #15619]
- Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131
- version 9.7.0-P2

Sat May 1 14:00:00 2010 ajAATTsuse.de
- Handle /var/run on tmpfs.
- do not use run_ldconfig.

Wed Feb 24 13:00:00 2010 jengelhAATTmedozas.de
- Enable DLZ-LDAP (supersedes sdb_ldap) and add a patch

Wed Feb 17 13:00:00 2010 ugAATTsuse.de
- Fully automatic signing of zones by \"named\".
- Simplified configuration of DNSSEC Lookaside Validation (DLV).
- Simplified configuration of Dynamic DNS, using the \"ddns-confgen\"
command line tool or the \"local\" update-policy option. (As a side
effect, this also makes it easier to configure automatic zone
re-signing.)
- New named option \"attach-cache\" that allows multiple views to
share a single cache.
- DNS rebinding attack prevention.
- New default values for dnssec-keygen parameters.
- Support for RFC 5011 automated trust anchor maintenance
- Smart signing: simplified tools for zone signing and key
maintenance.
- The \"statistics-channels\" option is now available on Windows.
- A new DNSSEC-aware libdns API for use by non-BIND9 applications
- On some platforms, named and other binaries can now print out
a stack backtrace on assertion failure, to aid in debugging.
- A \"tools only\" installation mode on Windows, which only installs
dig, host, nslookup and nsupdate.
- Improved PKCS#11 support, including Keyper support and explicit
OpenSSL engine selection.
- version 9.7.0

Wed Jan 20 13:00:00 2010 ugAATTsuse.de
- [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]
- [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]
- [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
- version 9.6.1-P3

Mon Jan 4 13:00:00 2010 ugAATTsuse.de
- removed the syntax check for include files (bnc#567593)

Tue Dec 15 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
- enable parallel building
- add baselibs for SPARC
- package documentation as noarch

Wed Nov 25 13:00:00 2009 ugAATTsuse.de
- Security fix
When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
CVE-2009-4022
bnc#558260
- update from P1 to P2

Fri Nov 20 13:00:00 2009 ugAATTsuse.de
- added localhost for ipv6 to default config (bnc#539529)

Wed Nov 18 13:00:00 2009 ugAATTsuse.de
- fixed apparmor profile (bnc#544181)

Tue Nov 3 13:00:00 2009 cooloAATTnovell.com
- updated patches to apply with fuzz=0

Wed Sep 30 14:00:00 2009 ugAATTsuse.de
- using start_daemon instead of startproc (bnc#539532)

Mon Aug 10 14:00:00 2009 ugAATTsuse.de
- version update to 9.6.1-P1
(security fix CVE-2009-0696)
bnc#526185

Tue Jun 30 14:00:00 2009 ugAATTsuse.de
- enabled MySQL DLZ (Dynamically Loadable Zones)

Tue Jun 16 14:00:00 2009 ugAATTsuse.de
- around 50 bugfixes against 9.6.0p1
See changelog for details
- version 9.6.1

Thu Apr 9 14:00:00 2009 ugAATTsuse.de
- not all include files were copied into chroot (bnc#466800)

Tue Mar 3 13:00:00 2009 ugAATTsuse.de
- /etc/named.conf does not include /etc/named.d/forwarders.conf
by default (bnc#480334)

Wed Feb 18 13:00:00 2009 ugAATTsuse.de
- mount /proc into chroot environment to support
multi CPU systems (bnc#470828)

Wed Jan 28 13:00:00 2009 ugAATTsuse.de
- key names with spaces are allowed by genDDNSkey now
(bnc#459739)
- a missing /etc/named.conf.include could lead to an
error while \"restart\" (bnc#455888)
- version update to 9.6.0-P1
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self
- The BIND 8 resolver library, libbind, has been removed from the
BIND 9 distribution

Wed Dec 10 13:00:00 2008 olhAATTsuse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)

Wed Nov 26 13:00:00 2008 ugAATTsuse.de
- fix for removed /etc/named.d directory (bnc#448995)

Tue Nov 11 13:00:00 2008 roAATTsuse.de
- SLE-11 uses PPC64 instead of PPC, adapt baselibs.conf

Thu Oct 30 13:00:00 2008 olhAATTsuse.de
- obsolete old -XXbit packages (bnc#437293)

Wed Oct 1 14:00:00 2008 ugAATTsuse.de
- should start/stop fixed (bnc#430901)

Fri Sep 5 14:00:00 2008 mrueckertAATTsuse.de
- delete the static libraries aswell
- added missiong requires to the baselibs.conf

Mon Sep 1 14:00:00 2008 sschoberAATTsuse.de
- Create and copy /etc/named.conf.include to change root jail. Fix
by Frank Hollmann.

Mon Aug 18 14:00:00 2008 ugAATTsuse.de
- \"should-stop\" in lwresd init script fixed

Wed Aug 13 14:00:00 2008 sschoberAATTsuse.de
- Copy complete /etc/named.d to change root jail (bnc#408145).

Tue Aug 12 14:00:00 2008 ugAATTsuse.de
- performance improvement over the P1 releases, namely
+ significantly remedying the port allocation issues
+ allowing TCP queries and zone transfers while issuing as many
outstanding UDP queries as possible
+ additional security of port randomization at the same level as P1
- also includes fixes for several bugs in the 9.5.0 base code
- 9.5.0-P2

Sun Jul 27 14:00:00 2008 ajAATTsuse.de
- Remove .la files, they only introduce more problems and require
libxml2.la installation.

Wed Jul 16 14:00:00 2008 ugAATTsuse.de
- BIND 9.5 offers many new features, including many
behind-the-scenes improvements. For the most part, the non-visible
features help ISC\'s customers who have run into the upper-end of
what BIND 9.4 could handle.
See CHANGES for details
- Statistics Counters / server
- Cache cleaning enhancements
- GSS TSIG
- DHCID Resource Record (RR)
- Handling EDNS timeouts
- version 9.5.0

Mon Jun 9 14:00:00 2008 ugAATTsuse.de
- VUL-0: spoofing made easier due to non-random UDP
source port VU#800113 (bnc#396963)

Tue May 6 14:00:00 2008 ugAATTsuse.de
- capset support fixed (bnc#386653)

Thu Apr 10 14:00:00 2008 roAATTsuse.de
- added baselibs.conf file to build xxbit packages
for multilib support

Tue Feb 26 13:00:00 2008 ugAATTsuse.de
- root.hint file updated (#361094)

Thu Dec 6 13:00:00 2007 ugAATTsuse.de
- version 9.4.2 (more than 50 bugs fixed. See changelog. for details)
- root.hint file updated

Thu Jul 26 14:00:00 2007 mtAATTsuse.de
- Bug #294403: updated to security release 9.4.1-P1 fixing:
CVE-2007-2926: cryptographically weak query ids [RT #16915].
CVE-2007-2925: allow-query-cache/allow-recursion default
acls not set [RT #16987], [RT #16960].

Sat May 26 14:00:00 2007 roAATTsuse.de
- added ldconfig to postinstall script for bind-libs

Tue May 15 14:00:00 2007 ugAATTsuse.de
- added apparmor profile

Wed May 2 14:00:00 2007 ugAATTsuse.de
- version 9.4.1
- query_addsoa() was being called with a non zone db.
[RT #16834]

Fri Mar 30 14:00:00 2007 ugAATTsuse.de
- libidnkitres.la moved to bind-libs for runidn

Thu Mar 29 14:00:00 2007 rguentherAATTsuse.de
- Package .la files in -devel subpackage.
- Do not package useless .la files.
- Make -devel package depend on -libs package, not -utils package.

Mon Mar 5 13:00:00 2007 ugAATTsuse.de
- SuSEFirewall service file added (#246920)
fate #300687

Tue Feb 27 13:00:00 2007 ugAATTsuse.de
- version 9.3.4 to 9.4.0
- too many changes to list them all here. Please see
the CHANGELOG for details
- LDAP backend dropped

Thu Jan 25 13:00:00 2007 ugAATTsuse.de
- Bug #238634
- [security] Serialise validation of type ANY responses. [RT #16555]
- [security] It was possible to dereference a freed fetch
context. [RT #16584]
- version 9.3.3 to 9.3.4

Fri Jan 19 13:00:00 2007 ugAATTsuse.de
- version 9.3.2 to 9.3.3
- lots of bugfixes (see changelog for details)

Tue Jan 2 13:00:00 2007 ugAATTsuse.de
- load of bind during boot fails if ip-up starts
modify_resolvconf at the same time (#221948)

Fri Nov 10 13:00:00 2006 ugAATTsuse.de
- security fix (#218303)
workarounds OpenSSL\'s recently
discovered RSA signature verification issue (CVE-2006-4339) by using
the exponent 65537 (0x10001) instead of the widely used 3.

Tue Oct 17 14:00:00 2006 poemlAATTsuse.de
- there is no SuSEconfig.syslog script anymore, thus remove the
YaST hint from the sysconfig template

Mon Oct 16 14:00:00 2006 ugAATTsuse.de
- typo in sysconfig file fixed (#212337)

Fri Sep 1 14:00:00 2006 ugAATTsuse.de
- security fix
Bug #201424 VUL-0: bind: two denial-of-service attacks
VU#697164
BIND INSIST failure due to excessive recursive queries
VU#915404
BIND assertion failure during SIG query processing

Tue Aug 15 14:00:00 2006 ugAATTsuse.de
- update messages removed

Fri Aug 4 14:00:00 2006 ugAATTsuse.de
- moved the la files to bind-utils
(#182448)

Thu Jul 6 14:00:00 2006 ugAATTsuse.de
- fix for the nsupdate man page (#92730)
thanx to Werner


  
ICM