JARVIS
Der Open-Source DNS Server BIND erhielt je Zweig ein Update und liegt nun in der Version 9.16.42 bzw. 9.18.16 vor.
BIND 9.16.42 Release Notes
Security Fixes
- The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured
max-cache-sizelimit. (CVE-2023-2828)ISC would like to thank Shoham Danino from Reichman University, Anat Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University, and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to our attention. [GL #4055] - A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for
namedto enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) [GL #4089]
Bug Fixes
- Previously, it was possible for a delegation from cache to be returned to the client after the
stale-answer-client-timeoutduration. This has been fixed. [GL #3950]
Known Issues
- There are no new known issues with this release. See above for a list of all known issues affecting this BIND 9 branch.
BIND 9.18.6 Release Notes
Security Fixes
- The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured
max-cache-sizelimit. (CVE-2023-2828)ISC would like to thank Shoham Danino from Reichman University, Anat Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University, and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to our attention. [GL #4055] - A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for
namedto enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) [GL #4089]
New Features
- The system test suite can now be executed with pytest (along with pytest-xdist for parallel execution). [GL #3978]
Removed Features
- TKEY mode 2 (Diffie-Hellman Exchanged Keying) is now deprecated, and will be removed in a future release. A warning will be logged when the
tkey-dhkeyoption is used innamed.conf. [GL #3905]
Bug Fixes
- BIND could get stuck on reconfiguration when a
listen-onstatement for HTTP is removed from the configuration. That has been fixed. [GL #4071] - Previously, it was possible for a delegation from cache to be returned to the client after the
stale-answer-client-timeoutduration. This has been fixed. [GL #3950] - BIND could allocate too big buffers when sending data via stream-based DNS transports, leading to increased memory usage. This has been fixed. [GL #4038]
- When the
stale-answer-enableoption was enabled and thestale-answer-client-timeoutoption was enabled and larger than 0,namedpreviously allocated two slots from theclients-per-querylimit for each client and failed to gradually auto-tune its value, as configured. This has been fixed. [GL #4074]
Known Issues
- There are no new known issues with this release. See above for a list of all known issues affecting this BIND 9 branch.
Quelle: BIND 9 – ISC
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.