Date: Wed, 25 Jul 2007 08:24:40 +0000 (UTC) From: Doug Barton <dougb@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/contrib/bind9 CHANGES README version src/contrib/bind9/bin/named client.c src/contrib/bind9/lib/dns dispatch.c src/contrib/bind9/lib/dns/include/dns dispatch.h Message-ID: <200707250824.l6P8Oe6l075266@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
dougb 2007-07-25 08:24:40 UTC FreeBSD src repository Modified files: (Branch: RELENG_5) contrib/bind9 CHANGES README version contrib/bind9/bin/named client.c contrib/bind9/lib/dns dispatch.c contrib/bind9/lib/dns/include/dns dispatch.h Log: Update to 9.3.4-P1, which fixes the following: The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be used to perform cache poisoning by an attacker. This bug only affects outgoing queries, generated by BIND 9 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFYs to slave name servers. All users are encouraged to upgrade. See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926 Revision Changes Path 1.1.1.2.2.8 +12 -0 src/contrib/bind9/CHANGES 1.1.1.1.2.6 +4 -0 src/contrib/bind9/README 1.1.1.1.2.5 +9 -1 src/contrib/bind9/bin/named/client.c 1.1.1.1.2.3 +448 -50 src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.2.2 +8 -1 src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.2.2.8 +3 -3 src/contrib/bind9/version
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707250824.l6P8Oe6l075266>