]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: a843ab6) | patch
bind: update to 9.10.6
authorArmin Kuster <akuster808@gmail.com>
Fri, 3 Nov 2017 19:54:48 +0000 (12:54 -0700)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sun, 5 Nov 2017 22:42:44 +0000 (22:42 +0000)
commit96e9adb60320b2e2f0bb7a04d9ed49ddc53649bb
tree307a8e501ac5939f5ce5f07a4ff79491cd971fbbtree | snapshot
parenta843ab62f2252165ec3d687de92f939f766376e4commit | diff
bind: update to 9.10.6

Security Fixes

     * An error in TSIG handling could permit unauthorized zone transfers
       or zone updates. These flaws are disclosed in CVE-2017-3142 and
       CVE-2017-3143. [RT #45383]
     * The BIND installer on Windows used an unquoted service path, which
       can enable privilege escalation. This flaw is disclosed in
       CVE-2017-3141. [RT #45229]
     * With certain RPZ configurations, a response with TTL 0 could cause
       named to go into an infinite query loop. This flaw is disclosed in
       CVE-2017-3140. [RT #45181]

End of Life

   The end of life for BIND 9.10 is yet to be determined but will not be
   before BIND 9.12.0 has been released for 6 months.
   https://www.isc.org/downloads/software-support-policy/

more info see https://lists.isc.org/pipermail/bind-announce/2017-July/001063.html

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/bind/bind_9.10.6.bb [moved from meta/recipes-connectivity/bind/bind_9.10.5-P3.bb with 96% similarity] diff | blob | history
Mirror of the official openembedded-core repository