From owner-cvs-src@FreeBSD.ORG Wed Jul 25 08:23:08 2007 Return-Path: Delivered-To: cvs-src@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8B41C16A41B; Wed, 25 Jul 2007 08:23:08 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 7982313C46C; Wed, 25 Jul 2007 08:23:08 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id l6P8N8Cs075122; Wed, 25 Jul 2007 08:23:08 GMT (envelope-from dougb@repoman.freebsd.org) Received: (from dougb@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id l6P8N8an075121; Wed, 25 Jul 2007 08:23:08 GMT (envelope-from dougb) Message-Id: <200707250823.l6P8N8an075121@repoman.freebsd.org> From: Doug Barton Date: Wed, 25 Jul 2007 08:23:08 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: RELENG_6 Cc: Subject: cvs commit: src/contrib/bind9 CHANGES README version src/contrib/bind9/bin/named client.c src/contrib/bind9/lib/dns dispatch.c src/contrib/bind9/lib/dns/include/dns dispatch.h X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jul 2007 08:23:08 -0000 dougb 2007-07-25 08:23:08 UTC FreeBSD src repository Modified files: (Branch: RELENG_6) contrib/bind9 CHANGES README version contrib/bind9/bin/named client.c contrib/bind9/lib/dns dispatch.c contrib/bind9/lib/dns/include/dns dispatch.h Log: Update to 9.3.4-P1, which fixes the following: The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be used to perform cache poisoning by an attacker. This bug only affects outgoing queries, generated by BIND 9 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFYs to slave name servers. All users are encouraged to upgrade. See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926 Revision Changes Path 1.1.1.3.2.6 +12 -0 src/contrib/bind9/CHANGES 1.1.1.2.2.4 +4 -0 src/contrib/bind9/README 1.1.1.2.2.3 +9 -1 src/contrib/bind9/bin/named/client.c 1.1.1.1.4.2 +448 -50 src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.4.1 +8 -1 src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.3.2.6 +3 -3 src/contrib/bind9/version