BIND 9.10.2-P4 Release Notes
| Author: Michael McNally Reference Number: AA-01301 Views: 10691 Created: 2015-09-02 18:43 Last Updated: 2015-09-02 18:54
0 Rating/ Voters
This document summarizes changes since BIND 9.10.2:
BIND 9.10.2-P4 addresses security issues described in
CVE-2015-5722 and CVE-2015-5986.
BIND 9.10.2-P3 addresses a security issue described in
BIND 9.10.2-P2 addresses a security issue described in
BIND 9.10.2-P1 addressed several bugs that have been identified
in the BIND 9.10 implementation of response-policy zones (RPZ).
The bugs are in code which optimizes searching through multiple
policy zones. In some cases, they can cause RPZ to behave
inefficiently by searching for query matches in more policy
zones than are strictly necessary, or to behave unpredictably
by failing to search a policy zone that should have been
searched. In the worst case, they can lead to assertion
failures, terminating named.
The latest versions of BIND 9 software can always be found at
There you will find additional information about each release,
source code, and pre-compiled versions for Microsoft Windows
An incorrect boundary check in the OPENPGPKEY rdatatype
could trigger an assertion failure. This flaw is disclosed
in CVE-2015-5986. [RT #40286]
A buffer accounting error could trigger an assertion failure
when parsing certain malformed DNSSEC keys.
This flaw was discovered by Hanno Boeck of the Fuzzing
Project, and is disclosed in CVE-2015-5722. [RT #40212]
A specially crafted query could trigger an assertion failure
This flaw was discovered by Jonathan Foote, and is disclosed
in CVE-2015-5477. [RT #39795]
On servers configured to perform DNSSEC validation, an
assertion failure could be triggered on answers from
a specially configured server.
This flaw was discovered by Breno Silveira Soares, and is
disclosed in CVE-2015-4620. [RT #39795]
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
© 2001-2017 Internet Systems ConsortiumFor assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.