Date: Sat, 27 Jul 2013 01:05:49 +0200 From: Ollivier Robert <roberto@keltia.freenix.fr> To: freebsd-security@freebsd.org Subject: bind9 and CVE-2013-4854 Message-ID: <20130726230549.GB64252@lonrach.local>
next in thread | raw e-mail | index | archive | help
I have updated both dns/bind98 and dns/bind99 to fix CVE-2013-4854 as indicated in https://kb.isc.org/article/AA-01015/0 A specially crafted query that includes malformed rdata can cause named to terminate with an assertion failure while rejecting the malformed query. BIND 9.6 and BIND 9.6-ESV are unaffected by this problem. Earlier branches of BIND 9 are believed to be unaffected but have not been tested. BIND 10 is also unaffected by this issue. Please Note: All versions of BIND 9.7 are known to be affected, but these branches are beyond their "end of life" (EOL) and no longer receive testing or security fixes from ISC. For current information on which versions are actively supported, please see http://www.isc.org/downloads/software-support-policy/bind-software-status/. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr In memoriam to Ondine : http://ondine.keltia.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130726230549.GB64252>