freebsd-skq/contrib/bind9/lib
Doug Barton 56a78b5211 Vendor import of 9.4.1-P1, which has fixes for the following:
1. The default access control lists (acls) are not being
correctly set. If not set anyone can make recursive queries
and/or query the cache contents.

See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925

2. The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.

This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.

All users are encouraged to upgrade.

See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926

Approved by:	re (kensmith, implicit)
2007-07-25 08:12:36 +00:00
..
bind Vendor import of BIND 9.4.1 2007-06-02 23:21:47 +00:00
bind9 Vendor import of BIND 9.4.1 2007-06-02 23:21:47 +00:00
dns Vendor import of 9.4.1-P1, which has fixes for the following: 2007-07-25 08:12:36 +00:00
isc Add a custom atomic.h file which implements the C versions of the 2007-06-05 22:15:38 +00:00
isccc Vendor import of BIND 9.4.1 2007-06-02 23:21:47 +00:00
isccfg Vendor import of BIND 9.4.1 2007-06-02 23:21:47 +00:00
lwres Vendor import of BIND 9.4.1 2007-06-02 23:21:47 +00:00
Makefile.in Vendor import of BIND 9.4.1 2007-06-02 23:21:47 +00:00