New changelog entries:
* SECURITY UPDATE: denial of service via large crafted resource record
  - check length in lib/dns/include/dns/rdata.h,
    lib/dns/{master,rdata,rdataslab}.c. Added tests to
    lib/dns/tests/Makefile.in, lib/dns/tests/{master,rdata}_test.c,
    lib/dns/tests/testdata/master/master1{5,6}.data.
  - Patch backported from 9.8.3-P3
  - CVE-2012-4244
New changelog entries:
* Non-maintainer upload by the Security Team.
* Fix denial of service vulnerability triggered
  through an assert because of using bad cache
  (CVE-2012-3817; Closes: #683259).
New changelog entries:
* SECURITY UPDATE: denial of service via dnssec validation load
  - lib/dns/resolver.c: don't use bad->expire before it has been set.
  - Patch backported from 9.8.3-P2.
  - CVE-2012-3817
New changelog entries:
* Non-maintainer upload by the Security Team.
* SECURITY UPDATE: ghost domain names attack
  - lib/dns/rbtdb.c: Restrict the TTL of NS RRset to no more than that
    of the old NS RRset when replacing it.
  - Patch backported from 9.8.2.
  - CVE-2012-1033
* SECURITY UPDATE: denial of service via zero length rdata handling
  - lib/dns/rdata.c,lib/dns/rdataslab.c: use sentinel pointer for
    duplicate rdata.
  - Patch backported from 9.8.3-P1.
  - CVE-2012-1667