Date: Tue, 19 May 2009 01:38:22 GMT
From: Olafur Osvaldsson <osvaldsson@icelandic.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/134697: [MAINTAINER] dns/nsd: update to 3.2.2
Message-ID: <200905190138.n4J1cMxr077654@portbuild.icelandic.net>
Resent-Message-ID: <200905190320.n4J3K1s0004588@freefall.freebsd.org>

>Number: 134697
>Category: ports
>Synopsis: [MAINTAINER] dns/nsd: update to 3.2.2
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue May 19 03:20:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Olafur Osvaldsson
>Release: FreeBSD 7.1-STABLE i386
>Organization:
>Environment:
System: FreeBSD portbuild.icelandic.net 7.1-STABLE FreeBSD 7.1-STABLE #2: Fri Jan 9 01:33:17 GMT
>Description:
[DESCRIBE CHANGES]
- Fixing a vulnerability
- Using the update to fix my email address since I quit ISNIC a long time ago (see dns/nsd history)

We have released version 3.2.2 of NSD. This is a *critical* bugfix release. One of the bugs is a one-byte buffer overflow that allows a carefully crafted exploit to take down your name-server. It is highly unlikely that the one-byte-off issue can lead to other (system) exploits.

The bug affects all versions of NSD 2.0.0 to 3.2.1. Whether the bug can be exploited depends on various aspects of the OS and is therefore distribution and compiler dependent.

For more information:
http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html

We strongly recommend you to update your systems to the latest version. If you have reasons for not running the latest version of NSD, we strongly advise you to at least apply the patch that resolves the critical bug.

Added file(s):
- files/patch-vuln

>How-To-Repeat:
>Fix:

--- nsd-2.3.7_1.patch begins here ---
diff -ruN nsd2.orig/Makefile nsd2/Makefile --- nsd2.orig/Makefile 2009-05-19 01:29:27.000000000 +0000 +++ nsd2/Makefile 2009-05-19 01:30:29.000000000 +0000 
@@ -7,6 +7,7 @@ PORTNAME= nsd PORTVERSION= 2.3.7 +PORTREVISION= 1 CATEGORIES= dns ipv6 MASTER_SITES= http://www.nlnetlabs.nl/downloads/nsd/ \ ftp://ftp.rhnet.is/pub/nsd/ diff -ruN nsd2.orig/files/patch-vuln nsd2/files/patch-vuln --- nsd2.orig/files/patch-vuln 1970-01-01 00:00:00.000000000 +0000 +++ nsd2/files/patch-vuln 2009-05-18 13:02:50.000000000 +0000 @@ -0,0 +1,13 @@ +--- query.c ++++ query.c +@@ -239,8 +239,8 @@ + * MAXDOMAINLEN ... + */ + if ((*src & 0xc0) || +- (src + *src + 1 > buffer_end(query->packet)) || +- (src + *src + 1 > query_name + MAXDOMAINLEN)) ++ (src + *src + 2 > buffer_end(query->packet)) || ++ (src + *src + 2 > query_name + MAXDOMAINLEN)) + { + return 0; + } --- nsd-2.3.7_1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
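
Review bot: The Makefile hunk adds only "PORTREVISION= 1" and leaves "PORTVERSION= 2.3.7" untouched, while the synopsis reads "dns/nsd: update to 3.2.2" and the description says the maintainer e-mail address is being fixed; neither of those changes appears in this patch. If nsd-2.3.7_1.patch is meant for the separate nsd2 directory named in the diff headers, say so in the description, and attach the 3.2.2 update and the address change as their own diffs so the committer can tell which port each one applies to.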
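
Review bot: In the query.c hunk carried by files/patch-vuln, both comparisons change from "src + *src + 1" to "src + *src + 2" with no explanation, and the comment above them is elided to "MAXDOMAINLEN ...". Please extend that comment to state what the extra byte accounts for. Reading the arithmetic, the old test still accepted a label whose following byte sits exactly at buffer_end(query->packet) or at query_name + MAXDOMAINLEN, and the new test rejects that case; writing this down keeps the constant from being "simplified" back to 1 later. As a smaller style point, a patch file name that identifies the file it touches (for example patch-query.c) is easier to track across port updates than patch-vuln.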