Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 25 Jul 2007 08:24:40 +0000 (UTC)
From:      Doug Barton <dougb@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/contrib/bind9 CHANGES README version src/contrib/bind9/bin/named client.c src/contrib/bind9/lib/dns dispatch.c src/contrib/bind9/lib/dns/include/dns dispatch.h
Message-ID:  <200707250824.l6P8Oe6l075266@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
dougb       2007-07-25 08:24:40 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_5)
    contrib/bind9        CHANGES README version 
    contrib/bind9/bin/named client.c 
    contrib/bind9/lib/dns dispatch.c 
    contrib/bind9/lib/dns/include/dns dispatch.h 
  Log:
  Update to 9.3.4-P1, which fixes the following:
  
  The DNS query id generation is vulnerable to cryptographic
  analysis which provides a 1 in 8 chance of guessing the next
  query id for 50% of the query ids. This can be used to perform
  cache poisoning by an attacker.
  
  This bug only affects outgoing queries, generated by BIND 9 to
  answer questions as a resolver, or when it is looking up data
  for internal uses, such as when sending NOTIFYs to slave name
  servers.
  
  All users are encouraged to upgrade.
  
  See also:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
  
  Revision     Changes    Path
  1.1.1.2.2.8  +12 -0     src/contrib/bind9/CHANGES
  1.1.1.1.2.6  +4 -0      src/contrib/bind9/README
  1.1.1.1.2.5  +9 -1      src/contrib/bind9/bin/named/client.c
  1.1.1.1.2.3  +448 -50   src/contrib/bind9/lib/dns/dispatch.c
  1.1.1.1.2.2  +8 -1      src/contrib/bind9/lib/dns/include/dns/dispatch.h
  1.1.1.2.2.8  +3 -3      src/contrib/bind9/version



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707250824.l6P8Oe6l075266>