New changelog entries:
* SECURITY UPDATE: denial of service via responses containing a DNAME
answer
- lib/dns/resolver.c: remove assertion failure.
- patch backported from 9.9.9-P4.
- CVE-2016-8864
New changelog entries:
* SECURITY UPDATE: denial of service via assertion failure
- lib/dns/message.c: properly handle lengths.
- backported from patch provided by upstream.
- CVE-2016-2776
New changelog entries:
* SECURITY UPDATE: denial of service via rndc control channel input
parsing error
- properly check data in bin/named/control.c, bin/named/controlconf.c,
bin/rndc/rndc.c, lib/isccc/cc.c.
- CVE-2016-1285
* SECURITY UPDATE: denial of service via resource record signatures
parsing issue
- fix improper DNAME handling in lib/dns/resolver.c.
- CVE-2016-1286
New changelog entries:
* SECURITY UPDATE: denial of service via string formatting operations
- lib/dns/rdata/in_1/apl_42.c: use correct length.
- CVE-2015-8704
New changelog entries:
* SECURITY UPDATE: REQUIRE failure via incorrect class
- properly handle class in lib/dns/include/dns/message.h,
lib/dns/message.c, lib/dns/resolver.c, lib/dns/xfrin.c.
- CVE-2015-8000