Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 5 Dec 2012 07:46:03 +0000 (UTC)
From:      Erwin Lansing <erwin@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r308317 - in head: dns/bind98 dns/bind99 security/vuxml
Message-ID:  <201212050746.qB57k34n098746@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: erwin
Date: Wed Dec  5 07:46:03 2012
New Revision: 308317
URL: http://svnweb.freebsd.org/changeset/ports/308317

Log:
  Update to the latest patch level from ISC:
  
    BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
    vulnerable to a software defect that allows a crafted query to
    crash the server with a REQUIRE assertion failure.  Remote
    exploitation of this defect can be achieved without extensive
    effort, resulting in a denial-of-service (DoS) vector against
    affected servers.
  
  Security:	2892a8e2-3d68-11e2-8e01-0800273fe665
  		CVE-2012-5688
  Feature safe:	yes

Modified:
  head/dns/bind98/Makefile
  head/dns/bind98/distinfo
  head/dns/bind99/Makefile
  head/dns/bind99/distinfo
  head/security/vuxml/vuln.xml

Modified: head/dns/bind98/Makefile
==============================================================================
--- head/dns/bind98/Makefile	Wed Dec  5 07:28:55 2012	(r308316)
+++ head/dns/bind98/Makefile	Wed Dec  5 07:46:03 2012	(r308317)
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	bind98
-PORTVERSION=	9.8.4
+PORTVERSION=	9.8.4.1
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC}
 MASTER_SITE_SUBDIR=	bind9/${ISCVERSION}
@@ -11,7 +11,7 @@ MAINTAINER=	erwin@FreeBSD.org
 COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
 
 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.8.4
+ISCVERSION=	9.8.4-P1
 
 MAKE_JOBS_UNSAFE=	yes
 

Modified: head/dns/bind98/distinfo
==============================================================================
--- head/dns/bind98/distinfo	Wed Dec  5 07:28:55 2012	(r308316)
+++ head/dns/bind98/distinfo	Wed Dec  5 07:46:03 2012	(r308317)
@@ -1,4 +1,2 @@
-SHA256 (bind-9.8.4.tar.gz) = fdc378b04af99ed3a4cb82a4b0142fdd751fda568e1f7c7e95eab16ef63cac84
-SIZE (bind-9.8.4.tar.gz) = 7141026
-SHA256 (bind-9.8.4.tar.gz.asc) = dfe508f85143823d024dd4759a36a9a5298c0948fd783679d0f42a557e3663af
-SIZE (bind-9.8.4.tar.gz.asc) = 490
+SHA256 (bind-9.8.4-P1.tar.gz) = 60c979575bf6288570cb4e3e9ab9d99bb93a55d2a4946ce277f6e6e642dda21f
+SIZE (bind-9.8.4-P1.tar.gz) = 7129321

Modified: head/dns/bind99/Makefile
==============================================================================
--- head/dns/bind99/Makefile	Wed Dec  5 07:28:55 2012	(r308316)
+++ head/dns/bind99/Makefile	Wed Dec  5 07:46:03 2012	(r308317)
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	bind99
-PORTVERSION=	9.9.2
+PORTVERSION=	9.9.2.1
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC}
 MASTER_SITE_SUBDIR=	bind9/${ISCVERSION}
@@ -11,7 +11,7 @@ MAINTAINER=	erwin@FreeBSD.org
 COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
 
 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.9.2
+ISCVERSION=	9.9.2-P1
 
 MAKE_JOBS_UNSAFE=	yes
 

Modified: head/dns/bind99/distinfo
==============================================================================
--- head/dns/bind99/distinfo	Wed Dec  5 07:28:55 2012	(r308316)
+++ head/dns/bind99/distinfo	Wed Dec  5 07:46:03 2012	(r308317)
@@ -1,4 +1,2 @@
-SHA256 (bind-9.9.2.tar.gz) = 7e6530b198d512e27a856bbd7426b1a3c47fd55d06d667adb66f760259009b48
-SIZE (bind-9.9.2.tar.gz) = 7285050
-SHA256 (bind-9.9.2.tar.gz.asc) = d759edfd7c69bdc037e368d3e52a508a1ccc3e5d5e95ead62b461afdb24729d9
-SIZE (bind-9.9.2.tar.gz.asc) = 490
+SHA256 (bind-9.9.2-P1.tar.gz) = 4bce7c020402623333b655be5167ae8c52f30a6bfe9750caa3ab70da7d90219c
+SIZE (bind-9.9.2-P1.tar.gz) = 7277498

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Dec  5 07:28:55 2012	(r308316)
+++ head/security/vuxml/vuln.xml	Wed Dec  5 07:46:03 2012	(r308317)
@@ -51,6 +51,48 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="2892a8e2-3d68-11e2-8e01-0800273fe665">
+    <topic>dns/bind9* -- servers using DNS64 can be crashed by a crafted query</topic>
+    <affects>
+      <package>
+	<name>bind99</name>
+	<range><lt>9.9.2.1</lt></range>
+      </package>
+      <package>
+	<name>bind99-base</name>
+	<range><lt>9.9.2.1</lt></range>
+      </package>
+      <package>
+	<name>bind98</name>
+	<range><lt>9.8.4.1</lt></range>
+      </package>
+      <package>
+	<name>bind98-base</name>
+	<range><lt>9.8.4.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>ISC reports:</p>
+	<blockquote cite="https://kb.isc.org/article/AA-00828">;
+	  <p>BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
+  	     vulnerable to a software defect that allows a crafted query to
+	     crash the server with a REQUIRE assertion failure.  Remote
+	     exploitation of this defect can be achieved without extensive
+  	     effort, resulting in a denial-of-service (DoS) vector against
+  	     affected servers.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+	<cvename>CVE-2012-5688</cvename>
+    </references>
+    <dates>
+      <discovery>2012-11-27</discovery>
+      <entry>2012-12-04</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="f524d8e0-3d83-11e2-807a-080027ef73ec">
     <topic>bogofilter -- heap corruption by invalid base64 input</topic>
     <affects>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212050746.qB57k34n098746>