pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2009Q4] pkgsrc/net/bind9



Module Name:    pkgsrc
Committed By:   tron
Date:           Thu Jan 21 21:20:16 UTC 2010

Modified Files:
        pkgsrc/net/bind9 [pkgsrc-2009Q4]: Makefile distinfo

Log Message:
Pullup ticket #2966 - requested by spz
bind9: security update

Revisions pulled up:
- net/bind9/Makefile                    1.112 via patch
- net/bind9/distinfo                    1.46
---
Module Name:    pkgsrc
Committed By:   spz
Date:           Thu Jan 21 19:54:33 UTC 2010

Modified Files:
        pkgsrc/net/bind9: Makefile distinfo

Log Message:
security update:
BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3.  It addresses a
potential cache poisoning vulnerability, in which data in the additional
section of a response could be cached without proper DNSSEC validation.

Changes since 9.4.3-P3:

2772.   [security]      When validating, track whether pending data was from
                        the additional section or not and only return it if
                        validates as secure. [RT #20438]

BIND 9.4.3-P5 is a SECURITY PATCH for BIND 9.4.3.  It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341

Changes since 9.4.3-P4:

2831.   [security]      Do not attempt to validate or cache
                        out-of-bailiwick data returned with a secure
                        answer; it must be re-fetched from its original
                        source and validated in that context. [RT #20819]

2828.   [security]      Cached CNAME or DNAME RR could be returned to clients
                        without DNSSEC validation. [RT #20737]

2827.   [security]      Bogus NXDOMAIN could be cached as if valid. [RT #20712]


To generate a diff of this commit:
cvs rdiff -u -r1.110 -r1.110.2.1 pkgsrc/net/bind9/Makefile
cvs rdiff -u -r1.45 -r1.45.2.1 pkgsrc/net/bind9/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



Home | Main Index | Thread Index | Old Index