Differences

This shows you the differences between two versions of the page.

--- changelog_14.2 [2020/08/19 17:00] – connie
+++ changelog_14.2 [2020/08/21 18:29] – [2020-08-19] connie
@@ Line 2: / Line 2: @@
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
+==== 2020-08-21 ====
+**bind-9.11.22**:  Upgraded.
+This update fixes three security issues:
+"update-policy" rules of type "subdomain" were incorrectly treated as
+"zonesub" rules, which allowed keys used in "subdomain" rules to update
+names outside of the specified subdomains. The problem was fixed by making
+sure "subdomain" rules are again processed as described in the ARM.
+When BIND 9 was compiled with native PKCS#11 support, it was possible to
+trigger an assertion failure in code determining the number of bits in the
+PKCS#11 RSA public key with a specially crafted packet.
+It was possible to trigger an assertion failure when verifying the response
+to a TSIG-signed request.
+For more information, see:
+  * https://kb.isc.org/docs/cve-2020-8624
+  * https://kb.isc.org/docs/cve-2020-8623
+  * https://kb.isc.org/docs/cve-2020-8622
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8624
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8623
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8622
+(**Security fix**)
 ==== 2020-08-19 ====