[nsd-users] NSD 4.2.2rc1 pre-release

Wouter Wijngaards wouter at nlnetlabs.nl
Tue Aug 6 09:55:39 UTC 2019


NSD 4.2.2rc1 maintainer's pre-release is available:
sha256 7edc758b8700d53a10f613730a77702a0ab345259f24508584fe2f5ff8b37614
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.2.2rc1.tar.gz.asc

This release fixes a number of, smaller, bugs.  Several failures are
fixed in the zone file parser, reported by fuzzing from Frederic Cambus.

NSD now warns when a zonefile is parsed with SSHFP records in it with
wrong lengths.  The record itself is still managed normally, eg. does
not cause the zone to stop loading.  They are output into log, but the
warnings are easily visible from the commandline using nsd-checkzone.

- Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the
  dname_concatenate() function.  Reported by Frederic Cambus.
  It causes the zone parser to crash on a malformed zone file,
  with assertions enabled, an assertion catches it.
- Fix #19: Out-of-bounds read caused by improper validation of
  array index.  Reported by Frederic Cambus.  The zone parser
  fails on type SIG because of mismatched definition with RRSIG.
- PR #23: Fix typo in nsd.conf man-page.
- Fix that NSD warns for wrong length of the hash in SSHFP records.
- Fix #25: NSD doesn't refresh zones after extended downtime,
  it refreshes the old zones.
- Set no renegotiation on the SSL context to stop client
  session renegotiation.
- Fix #29: SSHFP check NULL pointer dereference.
- Fix #30: SSHFP check failure due to missing domain name.
- Fix to timeval_add in minievent for remaining second in microseconds.
- PR #31: nsd-control: Add missing stdio header.
- PR #32: tsig: Fix compilation without HAVE_SSL.
- Cleanup tls context on xfrd exit.

Best regards, Wouter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20190806/360933a7/attachment.bin>

More information about the nsd-users mailing list