Date: Fri, 3 Dec 2010 23:21:31 +0000 (UTC) From: Doug Barton <dougb@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/dns/bind96 Makefile distinfo Message-ID: <201012032321.oB3NLV1m001584@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
dougb 2010-12-03 23:21:31 UTC FreeBSD ports repository Modified files: dns/bind96 Makefile distinfo Log: Update to version 9.6-ESV-R3, the latest from ISC, which addresses the following security vulnerabilities. For more information regarding these issues please see: http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories 1. Cache incorrectly allows ncache and rrsig for the same type http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613 Affects resolver operators whose servers are open to potential attackers. Triggering the bug will cause the server to crash. This bug applies even if you do not have DNSSEC enabled. 2. Using "allow-query" in the "options" or "view" statements to restrict access to authoritative zones has no effect. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615 Affects authoritative server operators who wish to generally restrict queries to their authoritative zones, and are running 9.6.2-P2 or any version of 9.7.x. The bug will allow unauthorized end users to receive answers to queries they should not. For the port: 1. Add CONFLICT for the ../bind-tools port 2. Remove CONFLICT for the removed ../bind9 port 3. Remove OPTION for threads on < RELENG_7 4. Switch to pkg-install to create the symlinks to /etc/namedb/ as requested in [1] PR: ports/151635 [1] Submitted by: Benjamin Lee <ben@b1c1l1.com> [1] Revision Changes Path 1.112 +6 -16 ports/dns/bind96/Makefile 1.65 +4 -4 ports/dns/bind96/distinfo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201012032321.oB3NLV1m001584>