From owner-freebsd-ports-bugs@FreeBSD.ORG Fri Sep 14 06:30:16 2012 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 696A2106567E for ; Fri, 14 Sep 2012 06:30:16 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 2698E8FC16 for ; Fri, 14 Sep 2012 06:30:16 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q8E6UGKP001098 for ; Fri, 14 Sep 2012 06:30:16 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q8E6UFVX001085; Fri, 14 Sep 2012 06:30:15 GMT (envelope-from gnats) Resent-Date: Fri, 14 Sep 2012 06:30:15 GMT Resent-Message-Id: <201209140630.q8E6UFVX001085@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Alexey Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 35CE6106564A for ; Fri, 14 Sep 2012 06:28:24 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 20DBF8FC17 for ; Fri, 14 Sep 2012 06:28:24 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.5/8.14.5) with ESMTP id q8E6SNHE003056 for ; Fri, 14 Sep 2012 06:28:23 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.5/8.14.5/Submit) id q8E6SNDd003055; Fri, 14 Sep 2012 06:28:23 GMT (envelope-from nobody) Message-Id: <201209140628.q8E6SNDd003055@red.freebsd.org> Date: Fri, 14 Sep 2012 06:28:23 GMT From: Alexey To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/171631: Bind security problem: A Specially Crafted Resource Record Could Cause named to Terminate X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Sep 2012 06:30:16 -0000 >Number: 171631 >Category: ports >Synopsis: Bind security problem: A Specially Crafted Resource Record Could Cause named to Terminate >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Sep 14 06:30:15 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Alexey >Release: Any >Organization: >Environment: bind 9.0.x -> 9.6.x, 9.4-ESV->9.4-ESV-R5-P1, 9.6-ESV->9.6-ESV-R7-P2, 9.7.0->9.7.6-P2, 9.8.0->9.8.3-P2, 9.9.0->9.9.1-P2 >Description: http://www.isc.org/software/bind/advisories/cve-2012-4244 -cut- A nameserver can be caused to exit with a REQUIRE exception if it can be induced to load a specially crafted resource record. If a record with RDATA in excess of 65535 bytes is loaded into a nameserver, a subsequent query for that record will cause named to exit with an assertion failure. Please Note: Versions of BIND 9.4 and 9.5 are also affected, but these branches are beyond their "end of life" (EOL) and no longer receive testing or security fixes from ISC. This vulnerability can be exploited remotely against recursive servers by inducing them to query for records provided by an authoritative server. It affects authoritative servers if a zone containing this type of resource record is loaded from file or provided via zone transfer. -cut- >How-To-Repeat: >Fix: There are new releases from ISC with fix of the bug BIND 9 version 9.7.7, 9.7.6-P3 BIND 9 version 9.6-ESV-R8, 9.6-ESV-R7-P3 BIND 9 version 9.8.4, 9.8.3-P3 BIND 9 version 9.9.2, 9.9.1-P3 ports dns/bind9* have top be updated to new release. Same as base system where we have 9.x release too. >Release-Note: >Audit-Trail: >Unformatted: