Date: Sat, 4 Nov 2006 07:53:27 +0000 (UTC) From: Doug Barton <dougb@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/contrib/bind9 - Imported sources Message-ID: <200611040753.kA47rReN028118@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
dougb 2006-11-04 07:53:26 UTC
FreeBSD src repository
src/contrib/bind9 - Imported sources
Update of /home/ncvs/src/contrib/bind9
In directory repoman.freebsd.org:/tmp/cvs-serv28030
Log Message:
Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list on 2 November):
Description:
Because of OpenSSL's recently announced vulnerabilities
(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
we are announcing this workaround and releasing patches. A proof of
concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
OpenSSL is required to use DNSSEC with BIND.
Fix for version 9.3.2-P1 and lower:
Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and
RSAMD5 keys for all old keys using the old default exponent
and perform a key rollover to these new keys.
These versions also change the default RSA exponent to be
65537 which is not vulnerable to the attacks described in
CAN-2006-4339.
Status:
Vendor Tag: ISC
Release Tags: BIND_9_3_2_P2
U src/contrib/bind9/version
U src/contrib/bind9/configure.in
U src/contrib/bind9/CHANGES
U src/contrib/bind9/bin/named/query.c
U src/contrib/bind9/lib/dns/resolver.c
U src/contrib/bind9/lib/dns/opensslrsa_link.c
No conflicts created by this import
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200611040753.kA47rReN028118>