marka at isc.org
Tue Jul 5 13:17:02 UTC 2011
BIND 9.8.0-P4 is security patch for BIND 9.8.0.
Please see the CHANGES file in the source code release for a complete
list of all changes.
The latest versions of BIND 9 software can always be found on our web
site at http://www.isc.org/downloads/all. There you will find
additional information about each release, source code, and some
pre-compiled versions for certain operating systems.
Product support information is available on
http://www.isc.org/services/support for paid support options. Free
support is provided by our user community via a mailing list.
Information on all public email lists is available at
* Using Response Policy Zone (RPZ) with DNAME records and querying
the subdomain of that label can cause named to crash. Now logs that
DNAME is not supported. [RT #24766]
* If named is configured to be both authoritative and resursive and
receives a recursive query for a CNAME in a zone that it is
authoritative for, if that CNAME also points to a zone the server
is authoritative for, the recursive part of name will not follow
the CNAME change and the response will not be a complete CNAME
chain. [RT #24455]
* Using Response Policy Zone (RPZ) to query a wildcard CNAME label
with QUERY type SIG/RRSIG, it can cause named to crash. Fix is
query type independant. [RT #24715] [CVE-2011-1907]
* Change #2912 (see CHANGES) exposed a latent bug in the DNS message
processing code that could allow certain UPDATE requests to crash
named. This was fixed by disambiguating internal database
representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-workers