diff options
| author | Doug Barton <dougb@FreeBSD.org> | 2011-05-28 00:21:28 +0000 |
|---|---|---|
| committer | Doug Barton <dougb@FreeBSD.org> | 2011-05-28 00:21:28 +0000 |
| commit | 37bb75f74000255f3ea6c7c2d2e9ddae3075c19f (patch) | |
| tree | b74697c394b9c5dace073b5174bc5cb33161ac8b /contrib/bind9/bin/dnssec/dnssec-signzone.docbook | |
| parent | 7faf44ba96b9bb769c10022e2647be2522b9a1ed (diff) | |
| parent | dcdfcb5422f2154aa1be713ad454590f1ab6724b (diff) | |
Upgrade to 9.6-ESV-R4-P1, which address the following issues:
1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.
This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.
2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.
Add a patch provided by ru@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.
Notes
Notes:
svn path=/head/; revision=222395
Diffstat (limited to 'contrib/bind9/bin/dnssec/dnssec-signzone.docbook')
| -rw-r--r-- | contrib/bind9/bin/dnssec/dnssec-signzone.docbook | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/bind9/bin/dnssec/dnssec-signzone.docbook b/contrib/bind9/bin/dnssec/dnssec-signzone.docbook index f204fcd60d75..87a801e7442f 100644 --- a/contrib/bind9/bin/dnssec/dnssec-signzone.docbook +++ b/contrib/bind9/bin/dnssec/dnssec-signzone.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.docbook,v 1.31.44.8 2009/11/06 21:36:22 each Exp $ --> +<!-- $Id: dnssec-signzone.docbook,v 1.31.44.8 2009-11-06 21:36:22 each Exp $ --> <refentry id="man.dnssec-signzone"> <refentryinfo> <date>June 08, 2009</date> |