Date: Wed, 15 May 2024 02:02:54 GMT From: Neel Chauhan <nc@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 9422b76b11fe - main - dns/dnsdist: update to 1.9.4 (fixes CVE-2024-25581) Message-ID: <202405150202.44F22swA050883@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by nc: URL: https://cgit.FreeBSD.org/ports/commit/?id=9422b76b11fe118a3473845ee88bd920f418c14c commit 9422b76b11fe118a3473845ee88bd920f418c14c Author: Ralf van der Enden <tremere@cainites.net> AuthorDate: 2024-05-13 11:39:22 +0000 Commit: Neel Chauhan <nc@FreeBSD.org> CommitDate: 2024-05-15 02:02:40 +0000 dns/dnsdist: update to 1.9.4 (fixes CVE-2024-25581) PR: 278954 Approved by: submitter is maintainer --- dns/dnsdist/Makefile | 2 +- dns/dnsdist/distinfo | 6 +++--- security/vuxml/vuln/2024.xml | 34 +++++++++++++++++++++++++++++++++- 3 files changed, 37 insertions(+), 5 deletions(-) diff --git a/dns/dnsdist/Makefile b/dns/dnsdist/Makefile index 1c3dee8e4206..c1ddecd5e4d2 100644 --- a/dns/dnsdist/Makefile +++ b/dns/dnsdist/Makefile @@ -1,5 +1,5 @@ PORTNAME= dnsdist -DISTVERSION= 1.9.3 +DISTVERSION= 1.9.4 CATEGORIES= dns net MASTER_SITES= https://downloads.powerdns.com/releases/ diff --git a/dns/dnsdist/distinfo b/dns/dnsdist/distinfo index 656cd642f775..724d6806d1a7 100644 --- a/dns/dnsdist/distinfo +++ b/dns/dnsdist/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1712317299 -SHA256 (dnsdist-1.9.3.tar.bz2) = f05b68806dc6c4d207b1fadb7ec715c3e0d28d893a8b3b92d58297c4ceb56c3f -SIZE (dnsdist-1.9.3.tar.bz2) = 1577027 +TIMESTAMP = 1715595818 +SHA256 (dnsdist-1.9.4.tar.bz2) = 297d3a3751af4650665c9d3890a1d5a7a0467175f2c8607d0d5980e3fd67ef14 +SIZE (dnsdist-1.9.4.tar.bz2) = 1591994 diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index f0d80972c94b..a7adfc16dd50 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,4 +1,36 @@ - <vuln vid="5afd64ae-122a-11ef-8eed-1c697a616631"> + <vuln vid="f2d8342f-1134-11ef-8791-6805ca2fa271"> + <topic>dnsdist -- Transfer requests received over DoH can lead to a denial of service</topic> + <affects> + <package> + <name>dnsdist</name> + <range><lt>1.9.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>PowerDNS Security Advisory reports:</p> + <blockquote cite="https://dnsdist.org/security-advisories/index.html">; + <p>When incoming DNS over HTTPS support is enabled using the nghttp2 provider, + and queries are routed to a tcp-only or DNS over TLS backend, an attacker can + trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR + or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a + Denial of Service. DNS over HTTPS is not enabled by default, and backends are using + plain DNS (Do53) by default. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-25581</cvename> + <url>https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html</url>; + </references> + <dates> + <discovery>2024-05-13</discovery> + <entry>2024-05-13</entry> + </dates> + </vuln> + +<vuln vid="5afd64ae-122a-11ef-8eed-1c697a616631"> <topic>Intel CPUs -- multiple vulnerabilities</topic> <affects> <package>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202405150202.44F22swA050883>