diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index b01aed75cd..a29e16132d 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -66,25 +66,51 @@ - Added the ability to specify the maximum number of records - permitted in a zone (max-records #;). This provides a mechanism - to block overly large zone transfers, which is a potential risk - with slave zones transferred from other parties, as described - in CVE-2016-6170. [RT #42143] + A coding error in the + feature could lead to an assertion failure if the redirection + namespace was served from a local authoritative data source + such as a local zone or a DLZ instead of via recursive + lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837] + + + + + named could mishandle authority sections + with missing RRSIGs, triggering an assertion failure. This + flaw is disclosed in CVE-2016-9444. [RT #43632] + + + + + named mishandled some responses where + covering RRSIG records were returned without the requested + data, resulting in an assertion failure. This flaw is + disclosed in CVE-2016-9147. [RT #43548] + + + + + named incorrectly tried to cache TKEY + records which could trigger an assertion failure when there was + a class mismatch. This flaw is disclosed in CVE-2016-9131. + [RT #43522] It was possible to trigger assertions when processing - responses containing an answer of type DNAME. This flaw is + responses containing answers of type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465] - Named incorrectly tried to cache TKEY records which could - trigger a assertion failure when there was a class mismatch. - This flaw is disclosed in CVE-2016-9131. [RT #43522] + Added the ability to specify the maximum number of records + permitted in a zone (). + This provides a mechanism to block overly large zone + transfers, which is a potential risk with slave zones from + other parties, as described in CVE-2016-6170. + [RT #42143]
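Review bot: Two of the added entries read as incomplete in the text shown here. The CVE-2016-9778 entry says "A coding error in the feature could lead to an assertion failure" without naming the feature, and the relocated max-records entry has an empty parenthetical "()" where the removed text had "(max-records #;)". If the option names are carried by inline markup, please confirm they render in the built notes; otherwise spell them out in the text so a reader can tell which configuration is affected. The relocated entry also drops "transferred" from "slave zones transferred from other parties", which makes the sentence about zone transfers slightly less clear, so consider keeping the original wording. The "Named" to "named" and "a assertion" to "an assertion" corrections in the CVE-2016-9131 entry look good.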