[Bug 279316] [NEW] SRU for bind9 to 9.4.2.dfsg.P2 on hardy
Jamie Strandboge
jamie at ubuntu.com
Mon Oct 6 22:07:32 BST 2008
Public bug reported:
Binary package hint: bind9
This update is an upstream microversion update that fixes bugs #252675. ISC has described this update as:
This is the SECOND security patch for BIND 9.4.2, addressing performance and stability issues in BIND 9.4.2-P1. Key features are as follows:
- performance improvement over the P1 releases, namely
+ significantly remedying the port allocation issues
+ allowing TCP queries and zone transfers while issuing as many
outstanding UDP queries as possible
+ additional security of port randomization at the same level as P1
In addition to the above, this update includes fixes for bug #257682
(compile dig with -DDIG_SIGCHASE) and an apparmor addition to allow
access to /var/log/named
The apparmor policy and dig changes have minimal regression potential.
The upstream upgrade to P2 is required for for high volume sites, as
performance regressions were introduced in the security update for
CVE-2008-1447 in these circumstances.
Intrepid has these updates in the 9.5.0 P2 series
There is no practical test case for the performance regression, other than using it in a very high volume capacity. Test case for dig:
% dig +sigchase +dnssec DS fugue.se.
Invalid option: +sigchase
Lamont, can you comment on the regression potential for this update?
** Affects: bind9 (Ubuntu)
Importance: Undecided
Status: New
--
SRU for bind9 to 9.4.2.dfsg.P2 on hardy
https://bugs.launchpad.net/bugs/279316
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list