Der Open-Source DNS Server BIND erhielt je Zweig ein Update und liegt nun in der Version 9.16.42 bzw. 9.18.16 vor.
BIND 9.16.42 Release Notes
Security Fixes
- The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured
max-cache-size
limit. (CVE-2023-2828)ISC would like to thank Shoham Danino from Reichman University, Anat Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University, and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to our attention. [GL #4055] - A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for
named
to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) [GL #4089]
Bug Fixes
- Previously, it was possible for a delegation from cache to be returned to the client after the
stale-answer-client-timeout
duration. This has been fixed. [GL #3950]
Known Issues
- There are no new known issues with this release. See above for a list of all known issues affecting this BIND 9 branch.
BIND 9.18.6 Release Notes
Security Fixes
- The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured
max-cache-size
limit. (CVE-2023-2828)ISC would like to thank Shoham Danino from Reichman University, Anat Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University, and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to our attention. [GL #4055] - A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for
named
to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) [GL #4089]
New Features
- The system test suite can now be executed with pytest (along with pytest-xdist for parallel execution). [GL #3978]
Removed Features
- TKEY mode 2 (Diffie-Hellman Exchanged Keying) is now deprecated, and will be removed in a future release. A warning will be logged when the
tkey-dhkey
option is used innamed.conf
. [GL #3905]
Bug Fixes
- BIND could get stuck on reconfiguration when a
listen-on
statement for HTTP is removed from the configuration. That has been fixed. [GL #4071] - Previously, it was possible for a delegation from cache to be returned to the client after the
stale-answer-client-timeout
duration. This has been fixed. [GL #3950] - BIND could allocate too big buffers when sending data via stream-based DNS transports, leading to increased memory usage. This has been fixed. [GL #4038]
- When the
stale-answer-enable
option was enabled and thestale-answer-client-timeout
option was enabled and larger than 0,named
previously allocated two slots from theclients-per-query
limit for each client and failed to gradually auto-tune its value, as configured. This has been fixed. [GL #4074]
Known Issues
- There are no new known issues with this release. See above for a list of all known issues affecting this BIND 9 branch.
Quelle: BIND 9 – ISC
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.