Slackware-11.0 ChangeLog (2011-08-12)

Fri Aug 12 23:20:00 UTC 2011

  • patches/packages/bind-9.4_ESV_R5-i486-1_slack11.0.tgz
    This BIND update addresses a couple of security issues:
    * named, set up to be a caching resolver, is vulnerable to a user
    querying a domain with very large resource record sets (RRSets)
    when trying to negatively cache the response. Due to an off-by-one
    error, caching the response could cause named to crash. [RT #24650]
    [CVE-2011-1910]
    * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
    processing code that could allow certain UPDATE requests to crash
    named. [RT #24777] [CVE-2011-2464]
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
    (* Security fix *)
  • news/2011/08/12/slackware-11.0-changelog.txt
  • Last modified: 4 years ago
  • by Giuseppe Di Terlizzi