Date: Wed, 5 Dec 2012 07:46:03 +0000 (UTC) From: Erwin Lansing <erwin@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r308317 - in head: dns/bind98 dns/bind99 security/vuxml Message-ID: <201212050746.qB57k34n098746@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: erwin Date: Wed Dec 5 07:46:03 2012 New Revision: 308317 URL: http://svnweb.freebsd.org/changeset/ports/308317 Log: Update to the latest patch level from ISC: BIND 9 nameservers using the DNS64 IPv6 transition mechanism are vulnerable to a software defect that allows a crafted query to crash the server with a REQUIRE assertion failure. Remote exploitation of this defect can be achieved without extensive effort, resulting in a denial-of-service (DoS) vector against affected servers. Security: 2892a8e2-3d68-11e2-8e01-0800273fe665 CVE-2012-5688 Feature safe: yes Modified: head/dns/bind98/Makefile head/dns/bind98/distinfo head/dns/bind99/Makefile head/dns/bind99/distinfo head/security/vuxml/vuln.xml Modified: head/dns/bind98/Makefile ============================================================================== --- head/dns/bind98/Makefile Wed Dec 5 07:28:55 2012 (r308316) +++ head/dns/bind98/Makefile Wed Dec 5 07:46:03 2012 (r308317) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= bind98 -PORTVERSION= 9.8.4 +PORTVERSION= 9.8.4.1 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} @@ -11,7 +11,7 @@ MAINTAINER= erwin@FreeBSD.org COMMENT= BIND DNS suite with updated DNSSEC and DNS64 # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.8.4 +ISCVERSION= 9.8.4-P1 MAKE_JOBS_UNSAFE= yes Modified: head/dns/bind98/distinfo ============================================================================== --- head/dns/bind98/distinfo Wed Dec 5 07:28:55 2012 (r308316) +++ head/dns/bind98/distinfo Wed Dec 5 07:46:03 2012 (r308317) @@ -1,4 +1,2 @@ -SHA256 (bind-9.8.4.tar.gz) = fdc378b04af99ed3a4cb82a4b0142fdd751fda568e1f7c7e95eab16ef63cac84 -SIZE (bind-9.8.4.tar.gz) = 7141026 -SHA256 (bind-9.8.4.tar.gz.asc) = dfe508f85143823d024dd4759a36a9a5298c0948fd783679d0f42a557e3663af -SIZE (bind-9.8.4.tar.gz.asc) = 490 +SHA256 (bind-9.8.4-P1.tar.gz) = 60c979575bf6288570cb4e3e9ab9d99bb93a55d2a4946ce277f6e6e642dda21f +SIZE (bind-9.8.4-P1.tar.gz) = 7129321 Modified: head/dns/bind99/Makefile ============================================================================== --- head/dns/bind99/Makefile Wed Dec 5 07:28:55 2012 (r308316) +++ head/dns/bind99/Makefile Wed Dec 5 07:46:03 2012 (r308317) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= bind99 -PORTVERSION= 9.9.2 +PORTVERSION= 9.9.2.1 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} @@ -11,7 +11,7 @@ MAINTAINER= erwin@FreeBSD.org COMMENT= BIND DNS suite with updated DNSSEC and DNS64 # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.9.2 +ISCVERSION= 9.9.2-P1 MAKE_JOBS_UNSAFE= yes Modified: head/dns/bind99/distinfo ============================================================================== --- head/dns/bind99/distinfo Wed Dec 5 07:28:55 2012 (r308316) +++ head/dns/bind99/distinfo Wed Dec 5 07:46:03 2012 (r308317) @@ -1,4 +1,2 @@ -SHA256 (bind-9.9.2.tar.gz) = 7e6530b198d512e27a856bbd7426b1a3c47fd55d06d667adb66f760259009b48 -SIZE (bind-9.9.2.tar.gz) = 7285050 -SHA256 (bind-9.9.2.tar.gz.asc) = d759edfd7c69bdc037e368d3e52a508a1ccc3e5d5e95ead62b461afdb24729d9 -SIZE (bind-9.9.2.tar.gz.asc) = 490 +SHA256 (bind-9.9.2-P1.tar.gz) = 4bce7c020402623333b655be5167ae8c52f30a6bfe9750caa3ab70da7d90219c +SIZE (bind-9.9.2-P1.tar.gz) = 7277498 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Dec 5 07:28:55 2012 (r308316) +++ head/security/vuxml/vuln.xml Wed Dec 5 07:46:03 2012 (r308317) @@ -51,6 +51,48 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="2892a8e2-3d68-11e2-8e01-0800273fe665"> + <topic>dns/bind9* -- servers using DNS64 can be crashed by a crafted query</topic> + <affects> + <package> + <name>bind99</name> + <range><lt>9.9.2.1</lt></range> + </package> + <package> + <name>bind99-base</name> + <range><lt>9.9.2.1</lt></range> + </package> + <package> + <name>bind98</name> + <range><lt>9.8.4.1</lt></range> + </package> + <package> + <name>bind98-base</name> + <range><lt>9.8.4.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>ISC reports:</p> + <blockquote cite="https://kb.isc.org/article/AA-00828">; + <p>BIND 9 nameservers using the DNS64 IPv6 transition mechanism are + vulnerable to a software defect that allows a crafted query to + crash the server with a REQUIRE assertion failure. Remote + exploitation of this defect can be achieved without extensive + effort, resulting in a denial-of-service (DoS) vector against + affected servers.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-5688</cvename> + </references> + <dates> + <discovery>2012-11-27</discovery> + <entry>2012-12-04</entry> + </dates> + </vuln> + <vuln vid="f524d8e0-3d83-11e2-807a-080027ef73ec"> <topic>bogofilter -- heap corruption by invalid base64 input</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212050746.qB57k34n098746>