author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:59:48 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:59:48 +0000 |
commit | 3b9b6d0b8e7f798023c9d109c490449d528fde80 (patch) | |
tree | 2e1c188dd7b8d7475cd163de9ae02c428343669b /doc/notes/notes-9.18.16.rst | |
parent | Initial commit. (diff) | |
Adding upstream version 1:9.18.19.
Refs: upstream/1%9.18.19, upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/notes/notes-9.18.16.rst')
-rw-r--r-- | doc/notes/notes-9.18.16.rst | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/doc/notes/notes-9.18.16.rst b/doc/notes/notes-9.18.16.rst new file mode 100644 index 0000000..9ed090c --- /dev/null +++ b/doc/notes/notes-9.18.16.rst 
@@ -0,0 +1,72 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.18.16 +---------------------- + +Security Fixes +~~~~~~~~~~~~~~ + +- The overmem cleaning process has been improved, to prevent the cache from + significantly exceeding the configured :any:`max-cache-size` limit. + (CVE-2023-2828) + + ISC would like to thank Shoham Danino from Reichman University, Anat + Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University, + and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to + our attention. :gl:`#4055` + +- A query that prioritizes stale data over lookup triggers a fetch to refresh + the stale data in cache. If the fetch is aborted for exceeding the recursion + quota, it was possible for :iscman:`named` to enter an infinite callback + loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) + :gl:`#4089` + +New Features +~~~~~~~~~~~~ + +- The system test suite can now be executed with pytest (along with + pytest-xdist for parallel execution). :gl:`#3978` + +Removed Features +~~~~~~~~~~~~~~~~ + +- TKEY mode 2 (Diffie-Hellman Exchanged Keying) is now deprecated, and + will be removed in a future release. A warning will be logged when + the :any:`tkey-dhkey` option is used in ``named.conf``. :gl:`#3905` + +Bug Fixes +~~~~~~~~~ + +- BIND could get stuck on reconfiguration when a :any:`listen-on` + statement for HTTP is removed from the configuration. That has been + fixed. 
:gl:`#4071` + +- Previously, it was possible for a delegation from cache to be returned + to the client after the :any:`stale-answer-client-timeout` duration. + This has been fixed. :gl:`#3950` + +- BIND could allocate too big buffers when sending data via + stream-based DNS transports, leading to increased memory usage. + This has been fixed. :gl:`#4038` + +- When the :any:`stale-answer-enable` option was enabled and the + :any:`stale-answer-client-timeout` option was enabled and larger than + 0, :iscman:`named` previously allocated two slots from the + :any:`clients-per-query` limit for each client and failed to gradually + auto-tune its value, as configured. This has been fixed. :gl:`#4074` + +Known Issues +~~~~~~~~~~~~ + +- There are no new known issues with this release. See :ref:`above + <relnotes_known_issues>` for a list of all known issues affecting this + BIND 9 branch. |
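Review bot: The CVE-2023-2828 entry under "Security Fixes" says only that the overmem cleaning process "has been improved, to prevent the cache from significantly exceeding the configured :any:`max-cache-size` limit". It does not say what happens to :iscman:`named` or the host when the limit is exceeded, or what kind of traffic causes it. The CVE-2023-2911 entry right below it gives both the trigger and the outcome (infinite callback loop, crash due to stack overflow), and the first entry should do the same so an operator can judge exposure from the note alone. In the CVE-2023-2911 entry, "a query that prioritizes stale data over lookup" describes a behaviour without naming the option that selects it. An :any: reference there, like the ones the "Bug Fixes" entries use for :any:`stale-answer-enable` and :any:`stale-answer-client-timeout`, would let readers check their ``named.conf`` directly. Separately, the only item under "Removed Features" states that TKEY mode 2 "is now deprecated, and will be removed in a future release", so nothing is removed in this release. Either say so in the entry or move it under a deprecation heading, so that nobody reads the section title as meaning :any:`tkey-dhkey` already stopped working in 9.18.16.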