Date: Thu, 12 Jan 2017 07:27:14 +0000 (UTC)
From: Xin LI <delphij@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r431223 - head/security/vuxml
Message-ID: <201701120727.v0C7REpE023494@repo.freebsd.org>
Author: delphij Date: Thu Jan 12 07:27:14 2017 New Revision: 431223 URL: https://svnweb.freebsd.org/changeset/ports/431223 Log: Document BIND multiple vulnerabilities. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Jan 12 07:12:47 2017 (r431222) +++ head/security/vuxml/vuln.xml Thu Jan 12 07:27:14 2017 (r431223) 
@@ -58,6 +58,94 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="d4c7e9a9-d893-11e6-9b4d-d050996490d0"> + <topic>BIND -- multiple vulnerabilities</topic> + <affects> + <package> + <name>bind99</name> + <range><lt>9.9.9P5</lt></range> + </package> + <package> + <name>bind910</name> + <range><lt>9.10.4P5</lt></range> + </package> + <package> + <name>bind911</name> + <range><lt>9.11.0P2</lt></range> + </package> + <package> + <name>bind9-devel</name> + <range><ge>0</ge></range> + </package> + <package> + <name>FreeBSD</name> + <range><ge>9.3</ge><lt>10.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ISC reports:</p> + <blockquote cite="https://kb.isc.org/article/AA-01439/0"> + <p>A malformed query response received by a recursive + server in response to a query of RTYPE ANY could + trigger an assertion failure while named is attempting + to add the RRs in the query response to the cache.</p> + </blockquote> + <blockquote cite="https://kb.isc.org/article/AA-01440/0"> + <p>Depending on the type of query and the EDNS options + in the query they receive, DNSSEC-enabled authoritative + servers are expected to include RRSIG and other RRsets + in their responses to recursive servers. + DNSSEC-validating servers will also make specific queries + for DS and other RRsets. + Whether DNSSEC-validating or not, an error in processing + malformed query responses that contain DNSSEC-related + RRsets that are inconsistent with other RRsets in the + same query response can trigger an assertion failure. 
+ Although the combination of properties which triggers + the assertion should not occur in normal traffic, it + is potentially possible for the assertion to be triggered + deliberately by an attacker sending a specially-constructed + answer.</p> + </blockquote> + <blockquote cite="https://kb.isc.org/article/AA-01441/0"> + <p>An unusually-formed answer containing a DS resource + record could trigger an assertion failure. While the + combination of properties which triggers the assertion + should not occur in normal traffic, it is potentially + possible for the assertion to be triggered deliberately + by an attacker sending a specially-constructed answer + having the required properties.</p> + </blockquote> + <blockquote cite="https://kb.isc.org/article/AA-01442/0"> + <p>An error in handling certain queries can cause an + assertion failure when a server is using the + nxdomain-redirect feature to cover a zone for which + it is also providing authoritative service. + A vulnerable server could be intentionally stopped + by an attacker if it was using a configuration that + met the criteria for the vulnerability and if the + attacker could cause it to accept a query that + possessed the required attributes.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-9131</cvename> + <cvename>CVE-2016-9147</cvename> + <cvename>CVE-2016-9444</cvename> + <cvename>CVE-2016-9778</cvename> + <url>https://kb.isc.org/article/AA-01439/0</url> + <url>https://kb.isc.org/article/AA-01440/0</url> + <url>https://kb.isc.org/article/AA-01441/0</url> + <url>https://kb.isc.org/article/AA-01442/0</url> + </references> + <dates> + <discovery>2017-01-11</discovery> + <entry>2017-01-12</entry> + </dates> + </vuln> + <vuln vid="2c948527-d823-11e6-9171-14dae9d210b8"> <topic>FreeBSD -- OpenSSH multiple vulnerabilities</topic> <affects>
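Review bot: Two ranges in the new entry's affects block have no upper bound tied to a fix, so they keep matching after an update: bind9-devel uses `<range><ge>0</ge></range>`, which marks every version of that port as vulnerable, and the FreeBSD base package uses `<range><ge>9.3</ge><lt>10.0</lt></range>` with no patch level, so every 9.3 system is flagged regardless of what is installed. If that is intentional, a short XML comment inside the entry saying so would help the next editor; otherwise add an `<lt>` bound for bind9-devel once the fixed snapshot version is known, and a patch-level bound for the base system entry. Separately, the references block lists the four CVE names and the four ISC URLs as two unrelated lists, while each blockquote carries only its kb.isc.org cite; naming the CVE in the lead-in to each blockquote would let a reader tell which of the four issues (RTYPE ANY response, DNSSEC-related RRsets, DS record, nxdomain-redirect) corresponds to which identifier.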