ECO kit NAMED_V602P011

NAMED_V602P011 - NAMED ECO kit Rev 1.1 for TCPware 6.0-2	21-Jul-2022

    Copyright © 2022 Process Software, LLC
 
    This kit updates TCPware versions 6.0-2 with version 9.11.37
    of the Bind 9 Nameserver (NAMED.EXE), RNDC, and NSUPDATE images.  

    The ranking for this ECO is 1. The overall ranking for it is 0.

    NAMED_V602P011 -- ECO Rank 1 21-Jul-2022
    --------------------------------------------------------------------------
    Add VAX images after figuring out that problems seen were due to missing
    files that the configuration was referencing.


    NAMED_V602P010 -- ECO Rank 1 - 11-Jul-2022
    --------------------------------------------------------------------------
    The following changes have been made in this kit:

    - Update to BIND 9.11.37 from ISC to correct CVE-2021-25220.

    ISC has NOT extended their support date for the BIND-9.11 tree. Therefore
    this is expected to be the last NAMED patch for VAX and Alpha systems due
    to inability to support the new ISV tree on those systems. We plan to
    deliver patches for ia64 systems only based on the BIND-9.16 tree after
    this patch. 

    - Update to BIND 9.11.36 from ISC to correct CVE-2021-25219.

    - Update to BIND 9.11.31 from ISC to correct CVE-2021-25214, CVE-2021-25215
      CVE-2021-25216.

    - Update to BIND 9.11.22 from ISC to correct CVE-2020-8619, CVE-2020-8622,
      CVE-2020-8623, CVS-2020-8624.

    - Update to BIND 9.11.19 from ISC to correct CVE-2020-8616 and CVE-2020-8617

    - Update to BIND 9.11.13 from ISC. This includes changes to address
      CVE-2019-6477.
      Note that the address parsing code has become more strict in this
      version. In the past an address such as 127.0.0.1/8 would be accepted in
      an ACL, now this will generate an error and it will need to be changed
      to 127.0.0.0/8

    - Update to BIND 9.11.12 from ISC.

    - Update to BIND 9.11.8 from ISC to correct CVE-2019-6471.
      CVE-2019-6471: A race condition could trigger an assertion failure when
      a large number of incoming packets were being rejected.)

    - Update to BIND 9.11.6-P1 from ISC to correct CVE-2018-5743.

    - Add support for DNSSEC-KEYGEN algorithms ECDSAP256SHA256 and ECDSAP384SHA384
      on AXP and ia64 systems.

    - Update to BIND 9.11.5-P4 from ISC which corrects the following CVEs:
	CVE-2018-5738, CVE-2018-5744, CVE-2018-5745, CVE-2019-6465.

    - Improve error reporting in code to load crypto routines and cluster
      code in an attempt to get some information on some rare conditions.

    - Update to BIND 9.11.5 to correct the following CVEs:    
	CVE-2018-5741, CVE-2018-5740, CVE-2018-5738.

    - Update to BIND 9.11.4-P1 from ISC to stay with an extended support
      version now that support for BIND 9.9 ended.  This kit also contains
      an updated TCPWARE_LIBCRYPTO image as new entry points were needed.

    --------------------------------------------------------------------------

    For further information on using RNDC and other BIND tools, 
    we recommend referring to the latest edition of O'Reilly's DNS 
    and BIND.

    To run any of the support tools, define symbols, i.e.:

	$ nsupdate :== $tcpware:nsupdate.exe
	$ rndc :== $tcpware:rndc.exe
	$ rndcconfgen :== $tcpware:rndc-confgen.exe

    You need to restart the Nameserver for these changes to take effect.  
    The following command will do it:

	$ @tcpware:restart dns