From owner-svn-doc-head@freebsd.org Tue Jul 7 23:10:27 2015 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5CA66996CF4; Tue, 7 Jul 2015 23:10:27 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3FA221ECB; Tue, 7 Jul 2015 23:10:27 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t67NARni080932; Tue, 7 Jul 2015 23:10:27 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t67NAPJD080925; Tue, 7 Jul 2015 23:10:25 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201507072310.t67NAPJD080925@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Tue, 7 Jul 2015 23:10:25 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r46937 - in head/share: security/advisories security/patches/SA-15:11 xml X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jul 2015 23:10:27 -0000 Author: delphij Date: Tue Jul 7 23:10:24 2015 New Revision: 46937 URL: https://svnweb.freebsd.org/changeset/doc/46937 Log: Add SA-15:11.bind. Added: head/share/security/advisories/FreeBSD-SA-15:11.bind.asc (contents, props changed) head/share/security/patches/SA-15:11/ head/share/security/patches/SA-15:11/bind-8.patch (contents, props changed) head/share/security/patches/SA-15:11/bind-8.patch.asc (contents, props changed) head/share/security/patches/SA-15:11/bind-9.patch (contents, props changed) head/share/security/patches/SA-15:11/bind-9.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml Added: head/share/security/advisories/FreeBSD-SA-15:11.bind.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-15:11.bind.asc Tue Jul 7 23:10:24 2015 (r46937) @@ -0,0 +1,137 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-15:11.bind Security Advisory + The FreeBSD Project + +Topic: BIND resolver remote denial of service when validating + +Category: contrib +Module: bind +Announced: 2015-07-07 +Credits: ISC +Affects: FreeBSD 8.4 and FreeBSD 9.3. +Corrected: 2015-07-07 21:43:23 UTC (stable/9, 9.3-STABLE) + 2015-07-07 21:44:01 UTC (releng/9.3, 9.3-RELEASE-p19) + 2015-07-07 21:43:23 UTC (stable/8, 8.4-STABLE) + 2015-07-07 21:44:01 UTC (releng/8.4, 8.4-RELEASE-p33) +CVE Name: CVE-2015-4620 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocol. +The named(8) daemon is an Internet Domain Name Server. The libdns +library is a library of DNS protocol support functions. + +II. Problem Description + +Due to a software defect, specially constructed zone data could cause +named(8) to crash with an assertion failure and rejecting the malformed +query when DNSSEC validation is enabled. + +III. Impact + +An attacker who can cause specific queries to be sent to a nameserver +could cause named(8) to crash, resulting in a denial of service. + +IV. Workaround + +No workaround is available, but hosts not running named(8) are not +vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 9.3] +# fetch https://security.FreeBSD.org/patches/SA-15:11/bind-9.patch +# fetch https://security.FreeBSD.org/patches/SA-15:11/bind-9.patch.asc +# gpg --verify bind-9.patch.asc + +[FreeBSD 8.4] +# fetch https://security.FreeBSD.org/patches/SA-15:11/bind-8.patch +# fetch https://security.FreeBSD.org/patches/SA-15:11/bind-8.patch.asc +# gpg --verify bind-8.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/8/ r285257 +releng/8.4/ r285258 +stable/9/ r285257 +releng/9.3/ r285258 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.5 (FreeBSD) + +iQIcBAEBCgAGBQJVnEi/AAoJEO1n7NZdz2rnw4cP/jg5odJDqjzynxVweq+rCo7q +10Wwa5Is3BOFAMxE+qVvIyjPKwBTlYOud4Lwp9+6GXpEa6DQDTrqwGsgsEKsqrNN +WF8mfOhsSSHuhKNdcCT3+9/ERhdS6JwmvIgMhmEvBAWhf2HA6FRPQ1J6TP0ZoGKm +0x745/cqiYM4eCwH8kbC1tmMYBHqYapuI9aTZ8iuiddBR1lunE03GVlNn1A6e2U6 +CUt6rHNslup4C7sGq6fBt/5qlJZ4yOGCXHDys9l0OSeYUfKohbDi2TILhoMhio2x +8OdFIdr5U7sOtLPirbfLAUTb1C/H/BsKZfIX3Ff7iZQruVQrU4hKR1hd+GjZQb2G +5foI9jP3AIRZ3xaHjH0Y95/4diJz+nauH5BTeD9OLGJC3Mg/NsVVtoflg3o+AWKn +692ovG1csdkT598K0VV7Kp36n4tR43SPFZ8bqo8TMdt40H9imaN7ghXOFhpG1Yw8 +A6EU/yHJ5Jn9XyGM0E803pFodZEQk8wM8/LllA1txz85eDy+6HOQsxJeROcwJFeH +rtzJ6bweqV3keJPkP/AR+QLqFMEbySHp2al7uGAIHyd/3fGlvWhP10CTyxvG7ucY +Ak9PwH11UTw+RexOhOTWF+Bz9A5vVWG/wDPfGFLbhdmK00gX4y9xNOk2/QP6fTL3 +8Sz9sMkdOx3Vrbq+PPmu +=SVcF +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-15:11/bind-8.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:11/bind-8.patch Tue Jul 7 23:10:24 2015 (r46937) @@ -0,0 +1,21 @@ +Index: contrib/bind9/lib/dns/validator.c +=================================================================== +--- contrib/bind9/lib/dns/validator.c (revision 284940) ++++ contrib/bind9/lib/dns/validator.c (working copy) +@@ -1406,7 +1406,6 @@ compute_keytag(dns_rdata_t *rdata, dns_rdata_dnske + */ + static isc_boolean_t + isselfsigned(dns_validator_t *val) { +- dns_fixedname_t fixed; + dns_rdataset_t *rdataset, *sigrdataset; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdata_t sigrdata = DNS_RDATA_INIT; +@@ -1461,7 +1460,7 @@ isselfsigned(dns_validator_t *val) { + + result = dns_dnssec_verify2(name, rdataset, dstkey, + ISC_TRUE, mctx, &sigrdata, +- dns_fixedname_name(&fixed)); ++ NULL); + dst_key_free(&dstkey); + if (result != ISC_R_SUCCESS) + continue; Added: head/share/security/patches/SA-15:11/bind-8.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:11/bind-8.patch.asc Tue Jul 7 23:10:24 2015 (r46937) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.5 (FreeBSD) + +iQIcBAABCgAGBQJVnEjTAAoJEO1n7NZdz2rngFYP/2wtQUC/zGqrgi4Rhl4zSXAW +jmVMYd7shsczDj3Jk5bR+WkMFFO28bqb84/fTlIusaONTgF5gS4+5/tVf29/Uufs +qtTPVilP0CD/vw3Pp8jKtBwC1fi+FHOZ3eGdVj0OWHwp+M8WdBB9iODNIZWtNzsu +CPUxxR/4PoRkCai6TKm7wUY3gskOrx7ANNTS9nNGY0wn+3ByxT0tZCacTZP3ZOgs +0xjjs+opBVLv5sAW9BpaUyoAhgbukkK7aBfoUxg+Wy0u64Nhj/FiPAXrvrmbnndZ +qmpz0Kbt7cXEVy26W1vnrr/qeo0l+PjMIiP+rBU9jLYIxJZddTiMNR6cQspFtUnY +Lsll0EfX5GkUH3Hp6E3kxk7BMZwBXRUcDnoPJKhU2A+2+szKKM5E7ltnCGVsOJHo +4JYI1bVahIqWaz3LX567EU/I2LoqLAaEg2DubwkmM7jTNSlTvIVbknRuoHDe1ubV +mEm/VV9feOxaJZJ832GV/8A7YeYIZBW3hhAetZmIpu7ovJncq2eVSQe3j7fskdqZ +LJInkvV//HDyRUA+6Mtg9+gV5TJszzHb6LqVyQt40+pcx5aQr4fgkWvtdc5s6AVi +PdUdheV8qx800uHipibSGITOSWHAq8rDLttiItCrmFhj/+vqvvTG8QpuwFMhLrqw +BHJruPyeb0cjgai0EXJ6 +=LZAe +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-15:11/bind-9.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:11/bind-9.patch Tue Jul 7 23:10:24 2015 (r46937) @@ -0,0 +1,22 @@ +Index: contrib/bind9/lib/dns/validator.c +=================================================================== +--- contrib/bind9/lib/dns/validator.c (revision 284940) ++++ contrib/bind9/lib/dns/validator.c (working copy) +@@ -1420,7 +1420,6 @@ compute_keytag(dns_rdata_t *rdata, dns_rdata_dnske + */ + static isc_boolean_t + isselfsigned(dns_validator_t *val) { +- dns_fixedname_t fixed; + dns_rdataset_t *rdataset, *sigrdataset; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdata_t sigrdata = DNS_RDATA_INIT; +@@ -1476,8 +1475,7 @@ isselfsigned(dns_validator_t *val) { + result = dns_dnssec_verify3(name, rdataset, dstkey, + ISC_TRUE, + val->view->maxbits, +- mctx, &sigrdata, +- dns_fixedname_name(&fixed)); ++ mctx, &sigrdata, NULL); + dst_key_free(&dstkey); + if (result != ISC_R_SUCCESS) + continue; Added: head/share/security/patches/SA-15:11/bind-9.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-15:11/bind-9.patch.asc Tue Jul 7 23:10:24 2015 (r46937) @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.5 (FreeBSD) + +iQIcBAABCgAGBQJVnEjTAAoJEO1n7NZdz2rnwbUP/ihtZzwvJjJrpQnur0Cw6sl0 +eBNutTlZPUw89mZtmi4Gpo6X6epA0ZSoUSnf13+k1hYnmZP5YXulGFyuAQ9zB9z8 +U52pgxg4MDqXUFK4nMHkv+EVCaxhIcmRHzAHejZh1LrH8RDxCO3kXomsTbIzJP3w +qU3LGqne8cmNwERs+DbULolxRNpWnNwLW8DiLpZzDA6xVWKr1dMAEwDHcbOgJwrd +WflSg5mpgx/cL6zL6+87Webk/D8pNc651f+UTJ7WmnLyB7qB1F7OkbUnGXykHVmc +VILkKEJbmiHIP9fhu23WVrqX79EMCb7h6cMbGuPHx4otN8ykvaSozRlwvT1V1+EF +VgKRZeW5rhFssxvzEijniHHRzsxM8/LW615Qs5Fp6ZFhVQ4WHUYRCaI8y7zE+GaM +ty6JZlpnSgwF32i50xph5wUSdqtUo2lbgep8A6RYQ72NhErtEY8yU1OdqCOz2i0E +TeT+FdABaAnR2q251EQzrmDqo1Ybkx3mIyYWDH7ds5sMcXq7GxX2Opv0o+aYRXtj +xjWH0YZiHnx8gKWFL02VqDEdIFSqOBGES1QD548Up66X0XvEnZky2tuC/Nvqxk1o +CJWk1HBEr/OSXrcMiPOH9Wg3kTwhvBGC76LvogPD48k/jOwCZVP7iGsVeVAgH58l +H3ADWbhNddIUbHLZSy0w +=CSh0 +-----END PGP SIGNATURE----- Modified: head/share/xml/advisories.xml ============================================================================== --- head/share/xml/advisories.xml Tue Jul 7 22:02:37 2015 (r46936) +++ head/share/xml/advisories.xml Tue Jul 7 23:10:24 2015 (r46937) @@ -8,6 +8,18 @@ 2015 + 7 + + + 7 + + + FreeBSD-SA-15:11.bind + + + + + 6