projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0ce7442) | patch
bind: bump to 9.18.1
authorNoah Meyerhans <frodo@morgul.net>
Fri, 18 Mar 2022 01:32:38 +0000 (18:32 -0700)
committerRosen Penev <rosenp@gmail.com>
Fri, 18 Mar 2022 07:34:43 +0000 (00:34 -0700)
commit4c6ea5379c02c97e49fde6e62cf0dad278f64313
treed3cc47eebe00569e972bb1e36986fd02021cde27tree | snapshot
parent0ce744202ad2a2feaa3b841ce934765416d1339ecommit | diff
bind: bump to 9.18.1

Fixes multiple security issues:

 * CVE-2022-0667 -- An assertion could occur in resume_dslookup() if the
                    fetch had been shut down earlier
 * CVE-2022-0635 -- Lookups involving a DNAME could trigger an INSIST when
                    "synth-from-dnssec" was enabled
 * CVE-2022-0396 -- A synchronous call to closehandle_cb() caused
                    isc__nm_process_sock_buffer() to be called recursively,
                    which in turn left TCP connections hanging in the CLOSE_WAIT
                    state blocking indefinitely when out-of-order processing was
                    disabled.
 * CVE-2021-25220 -- The rules for acceptance of records into the cache
                     have been tightened to prevent the possibility of
                     poisoning if forwarders send records outside the
                     configured bailiwick

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
net/bind/Makefile diff | blob | history
Mirror of packages feed