NAMED_V610_I64-010 NAMED ECO kit Rev 1.0 for TCPware 6.1 26-Feb-2024 Copyright © 2010-2024 Process Software, LLC This kit updates TCPware for ia64 version 6.1 and 6.0-2 with version 9.16.48 of the Bind 9 Name server images. This kit is only for OpenVMS V8 for ia64 processors. The ranking for this ECO is 3. The overall ranking for it is 3. When this patch is installed on a cluster which shares a single TCPware directory tree it is necessary to do $ INSTALL REPLACE TCPWARE:TCPWARE_LIBCRYPTO $ INSTALL REPLACE TCPWARE:TCPWARE_LIBSSL on each of the cluster members before using any of the new images. The following changes have been made in this kit: NAMED_V610-I64-010 -- ECO Rank 3 26-Feb-2024 ------------------------------------------------------------------------- - Update to BIND 9.16.48 from ISC to fix CVE-2023-50387, CVE-2023-50868 CVE-2023-5517, CVE-2023-4408, CVE-2023-5679, CVE-2023-6516. NAMED_V602_I64-028 -- ECO Rank 3 3-Oct-2023 ------------------------------------------------------------------------- - Update to BIND 9.16.44 from ISC to address CVE-2023-3341 NAMED_V602_I64-027 -- ECO Rank 3 13-Sep-2023 ------------------------------------------------------------------------- - Update to BIND 9.16.42 from ISC - Correct a deadlock. NAMED_V602_I64-026 -- ECO Rank 3 13-Feb-2023 ------------------------------------------------------------------------- - Update to BIND 9.16.37 from ISC to address CVEs 2022-3094, 2022-3736 and 2022-3924. - More work on making sure that there is no attempt to obtain a mutex while at AST level. NAMED_V602_I64-025 -- ECO Rank 3 1-Dec-2022 ------------------------------------------------------------------------- - Only use mutexes to control accesses to critical data structures in I/O detection code. - Update to BIND 9.16.35 - Modify NSLOOKUP to not attempt to lookup IPv6 (AAAA) records by default. NAMED_V602_I64-024 -- ECO Rank 3 2-Nov-2022 ------------------------------------------------------------------------- - Add mutexes to control threaded access to critical data structures in support code. - Update to BIND 9.16.34 NAMED_V602_I64-023 -- ECO Rank 3 18-Oct-2022 ------------------------------------------------------------------------- - Correct an error in DNS cluster code that could leave ASTs disabled. - Improve file name handling. NAMED_V602_I64-022 -- ECO Rank 3 13-Oct-2022 ------------------------------------------------------------------------- - Modifications to the default location for the session key so that it comes from the local root instead of the common root. - Update to BIND 9.16.33 from ISC to address CVE-2022-2795, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178 - Changes to how the images are built so that MULTINET_SOCKET_LIBRARY is no longer needed. NAMED_V602_I64-021 -- ECO Rank 3 16-Sep-2022 ------------------------------------------------------------------------- - Correct some errors in the instructions and update the MULTINET_SOCKET_LIBRARY image. NAMED_V602_I64-020 -- ECO Rank 3 12-July-2022 ------------------------------------------------------------------------- - Update to BIND 9.16.27 to provided the latest Extended Support Version (ESV) code as the 9.11 ESV will no longer be supported by ISC as of March 2022. This patch includes fixes for CVE-2021-25220 and CVE-2022-0396. -------------------------------------------------------------------------- For further information on using RNDC and other BIND tools, we recommend referring to the latest edition of O'Reilly's DNS and BIND. To run any of the support tools, define symbols, i.e.: $ nsupdate :== $tcpware:nsupdate.exe $ rndc :== $tcpware:rndc.exe $ rndcconfgen :== $tcpware:rndc-confgen.exe You need to restart the Nameserver for these changes to take effect. The following command will do it: $ @tcpware:restart dns