d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
129,819 Commits 4 Branches 49 Tags 2 GiB
0252cc4d0f
Commit Graph

7 Commits

Author SHA1 Message Date
dougb
f5d31f05bd Vendor import of BIND 9.3.3 2006-12-10 07:09:56 +00:00
dougb
4a3a088a0b Update to version 9.3.2-P2, which addresses the vulnerability 
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list on 2 November):

Description:
        Because of OpenSSL's recently announced vulnerabilities
        (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
        we are announcing this workaround and releasing patches.  A proof of
        concept attack on OpenSSL has been demonstrated for CAN-2006-4339.

        OpenSSL is required to use DNSSEC with BIND.

Fix for version 9.3.2-P1 and lower:
        Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and
        RSAMD5 keys for all old keys using the old default exponent
        and perform a key rollover to these new keys.

        These versions also change the default RSA exponent to be
        65537 which is not vulnerable to the attacks described in
        CAN-2006-4339.
 2006-11-04 07:53:25 +00:00
dougb
f79340e225 Vendor import of BIND 9.3.2-P1, which addresses the following security 
vulnerabilities:

http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
2066.  [security]      Handle SIG queries gracefully. [RT #16300]

http://www.kb.cert.org/vuls/id/697164
1941.  [bug]           ncache_adderesult() should set eresult even if no
                       rdataset is passed to it. [RT #15642]

All users of BIND 9 are encouraged to upgrade to this version.
 2006-09-06 21:27:11 +00:00
dougb
13e6e55147 Vendor import of BIND 9.3.2 2005-12-29 04:22:58 +00:00
dougb
6c00746d36 Vendor import of BIND 9.3.1 2005-03-17 08:04:02 +00:00
des
46172d5768 Vendor import of BIND 9.3.0. 2004-09-23 07:18:50 +00:00
trhodes
06246360f7 Vender import of BIND 9.3.0rc4. 2004-09-19 01:30:24 +00:00