From owner-freebsd-security@FreeBSD.ORG  Fri Jul 26 23:05:53 2013
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id EB5E2CF1
 for <freebsd-security@freebsd.org>; Fri, 26 Jul 2013 23:05:53 +0000 (UTC)
 (envelope-from roberto@keltia.freenix.fr)
Received: from keltia.net (cl-90.mrs-01.fr.sixxs.net
 [IPv6:2a01:240:fe00:59::2])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id ADC282532
 for <freebsd-security@freebsd.org>; Fri, 26 Jul 2013 23:05:53 +0000 (UTC)
Received: from lonrach.local (foret.keltia.net [78.232.116.160])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested) (Authenticated sender: roberto)
 by keltia.net (Postfix) with ESMTPSA id 1BA1652AE
 for <freebsd-security@freebsd.org>; Sat, 27 Jul 2013 01:05:52 +0200 (CEST)
Date: Sat, 27 Jul 2013 01:05:49 +0200
From: Ollivier Robert <roberto@keltia.freenix.fr>
To: freebsd-security@freebsd.org
Subject: bind9 and CVE-2013-4854
Message-ID: <20130726230549.GB64252@lonrach.local>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Operating-System: MacOS X / MBP 4,1 - FreeBSD 8.0 / T3500-E5520 Nehalem
User-Agent: Mutt/1.5.21 (2010-09-15)
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jul 2013 23:05:54 -0000

I have updated both dns/bind98 and dns/bind99 to fix CVE-2013-4854 as indicated in
https://kb.isc.org/article/AA-01015/0

A specially crafted query that includes malformed rdata can cause named to terminate with an assertion failure while rejecting the malformed query.

BIND 9.6 and BIND 9.6-ESV are unaffected by this problem.  Earlier branches of BIND 9 are believed to be unaffected but have not been tested.  BIND 10 is also unaffected by this issue.

Please Note: All versions of BIND 9.7 are known to be affected, but these branches are beyond their "end of life" (EOL) and no longer receive testing or security fixes from ISC. For current information on which versions are actively supported, please see http://www.isc.org/downloads/software-support-policy/bind-software-status/.

-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
In memoriam to Ondine : http://ondine.keltia.net/