freebsd-skq

d/freebsd-skq

Fork 0

Commit Graph

Author	SHA1	Message	Date
dougb	ced7835c06	Upgrade to 9.6-ESV-R4-P1, which address the following issues: 1. Very large RRSIG RRsets included in a negative cache can trigger an assertion failure that will crash named (BIND 9 DNS) due to an off-by-one error in a buffer size check. This bug affects all resolving name servers, whether DNSSEC validation is enabled or not, on all BIND versions prior to today. There is a possibility of malicious exploitation of this bug by remote users. 2. Named could fail to validate zones listed in a DLV that validated insecure without using DLV and had DS records in the parent zone. Add a patch provided by ru@ and confirmed by ISC to fix a crash at shutdown time when a SIG(0) key is being used.	2011-05-28 00:21:28 +00:00
dougb	6df9693fc1	Vendor import of BIND 9.4.1	2007-06-02 23:21:47 +00:00
trhodes	06246360f7	Vender import of BIND 9.3.0rc4.	2004-09-19 01:30:24 +00:00

Author

SHA1

Message

Date

dougb

ced7835c06

Upgrade to 9.6-ESV-R4-P1, which address the following issues:

1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.

This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.

2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.

Add a patch provided by ru@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.

2011-05-28 00:21:28 +00:00

dougb

6df9693fc1

Vendor import of BIND 9.4.1

2007-06-02 23:21:47 +00:00

trhodes

06246360f7

Vender import of BIND 9.3.0rc4.

2004-09-19 01:30:24 +00:00

3 Commits