[Oraclevm-errata] OVMSA-2014-0084 Important: Oracle VM 3.3 bind security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Wed Dec 24 08:40:42 PST 2014


Oracle VM Security Advisory OVMSA-2014-0084

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bind-libs-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/bind-9.8.2-0.30.rc1.el6_6.1.src.rpm



Description of changes:

[32:9.8.2-0.30.rc1.1]
- Fix CVE-2014-8500 (#1171973)

[32:9.8.2-0.30.rc1]
- Use /dev/urandom when generating rndc.key file (#951255)

[32:9.8.2-0.29.rc1]
- Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035

[32:9.8.2-0.28.rc1]
- Add support for TLSA resource records (#956685)
- Increase defaults for lwresd workers and make workers and client 
objects number configurable (#1092035)

[32:9.8.2-0.27.rc1]
- Fix segmentation fault in nsupdate when -r option is used (#1064045)
- Fix race condition on send buffer in host tool when sending UDP query 
(#1008827)
- Allow authentication using TSIG in allow-notify configuration 
statement (#1044545)
- Fix SELinux context of /var/named/chroot/etc/localtime (#902431)
- Include updated named.ca file with root server addresses (#917356)
- Don't generate rndc.key if there is rndc.conf on start-up (#997743)
- Fix dig man page regarding how to disable IDN (#1023045)
- Handle ICMP Destination unreachable (Protocol unreachable) response 
(#1066876)

[32:9.8.2-0.26.rc1]
- Configure BIND with --with-dlopen=yes to support dynamically loadable 
DLZ drivers (#846065)
- Fix initscript to return correct exit value when calling 
checkconfig/configtest/check/test (#848033)
- Don't (un)mount chroot filesystem when running initscript command 
configtest with running server (#851123)
- Fix zone2sqlite tool to accept zones containing "." or "-" or starting 
with a digit (#919414)
- Fix initscript not to mount chroot filesystem is named is already 
running (#948743)
- Fix initscript to check if the PID in PID-file is really s PID of 
running named server (#980632)
- Correct the installed documentation ownership (#1051283)

[32:9.8.2-0.25.rc1]
- configure with --enable-filter-aaaa to enable use of filter-aaaa-on-v4 
option (#1025008)
- Fix race condition when destroying a resolver fetch object (#993612)
- Fix the RRL functionality to include referrals-per-second and 
nodata-per-second options (#1036700)
- Fix segfault on SERVFAIL to NXDOMAIN failover (#919545)

[32:9.8.2-0.24.rc1]
- Fix CVE-2014-0591

[32:9.8.2-0.23.rc1]
- Fix gssapictx memory leak (#911167)

[32:9.8.2-0.22.rc1]
- fix CVE-2013-4854

[32:9.8.2-0.21.rc1]
- fix  CVE-2013-2266
- ship dns/rrl.h in -devel subpkg

[32:9.8.2-0.20.rc1]
- remove one bogus file from /usr/share/doc, introduced by RRL patch

[32:9.8.2-0.19.rc1]
- fix CVE-2012-5689

[32:9.8.2-0.18.rc1]
- add response rate limit patch (#873624)



More information about the Oraclevm-errata mailing list