Date: Wed, 20 Jan 2010 06:37:32 GMT From: Andrei Lavreniyuk <andy.lavr@reactor-xg.kiev.ua> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/143001: [UPDATE] ports/dns/bind95 Message-ID: <201001200637.o0K6bWGH008182@www.freebsd.org> Resent-Message-ID: <201001200640.o0K6e7nG047980@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 143001 >Category: ports >Synopsis: [UPDATE] ports/dns/bind95 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Jan 20 06:40:07 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Andrei Lavreniyuk >Release: FreeBSD 8.0-STABLE >Organization: Technica-03, Inc. >Environment: FreeBSD datacenter.technica-03.local 8.0-STABLE FreeBSD 8.0-STABLE #0: Sat Jan 9 10:23:32 EET 2010 root@datacenter.technica-03.local:/usr/obj/usr/src/sys/SMP64 amd64 >Description: BIND 9.5.2-P2 is now available. BIND 9.5.2-P2 is a SECURITY PATCH for BIND 9.5.2. It addresses two potential cache poisoning vulnerabilities, both of which could allow a validating recursive nameserver to cache data which had not been authenticated or was invalid. Bugs should be reported to bind9-bugs@isc.org. CVE identifiers: CVE-2009-4022, CVE-2010-0097 CERT advisories: VU#418861, VU#360341. Information about these vulnerabilities can be found at: https://www.isc.org/advisories/CVE-2009-4022v6 https://www.isc.org/advisories/CVE-2010-0097 BIND 9.5.2-P2 can be downloaded from: ftp://ftp.isc.org/isc/bind9/9.5.2-P2/bind-9.5.2-P2.tar.gz PGP signatures of the distribution are at: ftp://ftp.isc.org/isc/bind9/9.5.2-P2/bind-9.5.2-P2.tar.gz.asc ftp://ftp.isc.org/isc/bind9/9.5.2-P2/bind-9.5.2-P2.tar.gz.sha256.asc ftp://ftp.isc.org/isc/bind9/9.5.2-P2/bind-9.5.2-P2.tar.gz.sha512.asc The signatures were generated with the ISC public key, which is available at https://www.isc.org/about/openpgp A binary kit for Windows XP, Windows 2003 and Windows 2008 is at: ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.zip ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.debug.zip PGP signatures of the binary kit are at: ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.zip.asc ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.zip.sha512.asc ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.debug.zip.asc ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.debug.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.debug.zip.sha512.asc Changes since 9.5.2-P1: 2831. [security] Do not attempt to validate or cache out-of-bailiwick data returned with a secure answer; it must be re-fetched from its original source and validated in that context. [RT #20819] 2828. [security] Cached CNAME or DNAME RR could be returned to clients without DNSSEC validation. [RT #20737] 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001200637.o0K6bWGH008182>