Hello community,

here is the log from the commit of package bind for openSUSE:Factory checked in 
at 2023-09-22 21:47:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bind (Old)
 and      /work/SRC/openSUSE:Factory/.bind.new.1770 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "bind"

Fri Sep 22 21:47:10 2023 rev:202 rq:1112571 version:9.18.19

Changes:
--------
--- /work/SRC/openSUSE:Factory/bind/bind.changes        2023-09-12 
21:02:18.334939018 +0200
+++ /work/SRC/openSUSE:Factory/.bind.new.1770/bind.changes      2023-09-22 
21:47:58.870095490 +0200
@@ -1,0 +2,54 @@
+Tue Sep 19 13:28:53 UTC 2023 - Jorik Cronenberg <jorik.cronenb...@suse.com>
+
+- Update to release 9.18.19
+  Security Fixes:
+  * Previously, sending a specially crafted message over the
+    control channel could cause the packet-parsing code to run out
+    of available stack memory, causing named to terminate
+    unexpectedly. This has been fixed. (CVE-2023-3341)
+    [bsc#1215472]
+  * A flaw in the networking code handling DNS-over-TLS queries
+    could cause named to terminate unexpectedly due to an assertion
+    failure under significant DNS-over-TLS query load. This has
+    been fixed. (CVE-2023-4236)
+    [bsc#1215471]
+
+  Removed Features:
+  * The dnssec-must-be-secure option has been deprecated and will
+    be removed in a future release.
+
+  Feature Changes:
+  * If the server command is specified, nsupdate now honors the
+    nsupdate -v option for SOA queries by sending both the UPDATE
+    request and the initial query over TCP.
+
+  Bug Fixes:
+  * The value of the If-Modified-Since header in the statistics
+    channel was not being correctly validated for its length,
+    potentially allowing an authorized user to trigger a buffer
+    overflow. Ensuring the statistics channel is configured
+    correctly to grant access exclusively to authorized users is
+    essential (see the statistics-channels block definition and
+    usage section).
+  * The Content-Length header in the statistics channel was lacking
+    proper bounds checking. A negative or excessively large value
+    could potentially trigger an integer overflow and result in an
+    assertion failure.
+  * Several memory leaks caused by not clearing the OpenSSL error
+    stack were fixed.
+  * The introduction of krb5-subdomain-self-rhs and
+    ms-subdomain-self-rhs UPDATE policies accidentally caused named
+    to return SERVFAIL responses to deletion requests for
+    non-existent PTR and SRV records. This has been fixed.
+  * The stale-refresh-time feature was mistakenly disabled when the
+    server cache was flushed by rndc flush. This has been fixed.
+  * BIND’s memory consumption has been improved by implementing
+    dedicated jemalloc memory arenas for sending buffers. This
+    optimization ensures that memory usage is more efficient and
+    better manages the return of memory pages to the operating
+    system.
+  * Previously, partial writes in the TLS DNS code were not
+    accounted for correctly, which could have led to DNS message
+    corruption. This has been fixed.
+
+-------------------------------------------------------------------
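Review bot: The two statistics-channel entries under "Bug Fixes" (If-Modified-Since length validation and Content-Length bounds checking) describe a buffer overflow and an integer overflow ending in an assertion failure, yet unlike the two "Security Fixes" entries they carry no CVE or bsc# reference. If a Bugzilla entry tracks either of them, cite it in the same form as [bsc#1215472] so these memory-safety fixes can be followed alongside the CVE fixes. Minor style point in the jemalloc entry: "BIND’s" uses a typographic apostrophe where the rest of the changelog is plain ASCII.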

Old:
----
  bind-9.18.18.tar.xz
  bind-9.18.18.tar.xz.asc

New:
----
  bind-9.18.19.tar.xz
  bind-9.18.19.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ bind.spec ++++++
--- /var/tmp/diff_new_pack.H8Hmav/_old  2023-09-22 21:48:00.530155754 +0200
+++ /var/tmp/diff_new_pack.H8Hmav/_new  2023-09-22 21:48:00.530155754 +0200
@@ -56,7 +56,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           bind
-Version:        9.18.18
+Version:        9.18.19
 Release:        0
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPL-2.0

++++++ bind-9.18.18.tar.xz -> bind-9.18.19.tar.xz ++++++
++++ 39794 lines of diff (skipped)
