[SECURITY] Fedora 27 Update: bind-9.11.4-3.P2.fc27
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-54d84b0b0c
2018-10-14 23:28:32.311070
--------------------------------------------------------------------------------
Name : bind
Product : Fedora 27
Version : 9.11.4
Release : 3.P2.fc27
URL : http://www.isc.org/products/BIND/
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
--------------------------------------------------------------------------------
Update Information:
Update to bind 9.11.4-P2 - Fixes CVE-2018-5741
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 20 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.4-3.P2
- Update to bind-9.11.4-P2
* Thu Aug 9 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.4-2.P1
- Update to 9.11.4-P1
- Adds root key sentinel support
- Large IXFR zone transfers are rejected to prevent journal corruption
* Thu Jul 12 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.4-1
- Update to 9.11.4
* Thu Jul 12 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.3-7
- Use new config file named-chroot.files for chroot setup (#1429656)
- Fix chroot devices file verification (#1592873)
- Prevent errors on bind-chroot uninstall when running (#1600583)
* Wed Jun 27 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.3-6
- Require utils instead of library
* Fri May 25 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.3-5
- Remove named.iscdlv.key file (#1595782)
- Fix CVE-2018-5738
- Make named home writeable (#1422680)
- Change named shell to /bin/false
* Thu Apr 5 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.3-4
- Do not link libidn2 to all libraries (#1098783)
- Update named.ca
* Tue Apr 3 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.3-3
- Enable libidn2 support (#1098783)
- Make +noidnout default
* Wed Mar 21 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.3-2
- Rebase to 9.11.3
- Add dig support for libidn2 (#1098783)
* Thu Feb 15 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.3-1.b1
- Rebase to 9.11.3b1
* Thu Jan 18 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.2-1.P1
- Fix CVE-2017-3145, rebase to 9.11.2-P1
* Wed Jan 10 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.1-10.P3
- Proper fix for python3-bind subpackage directory ownership (#1522944)
* Fri Dec 15 2017 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.1-9.P3
- Own python3-bind isc directory (#1522944)
- Make tsstsig system test pass again (#1500017)
* Mon Oct 23 2017 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.1-8.P3
- Include DNSKEY 20326 also in trusted-key.key (#1505476)
- Fix dynamic symbols conflict with ldap (#1205168)
- Use hmac-sha256 for new RNDC keys (#1508003)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1631131 - CVE-2018-5741 bind: Incorrect documentation of krb5-subdomain and
ms-subdomain update policies
https://bugzilla.redhat.com/show_bug.cgi?id=1631131
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-54d84b0b0c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------