summaryrefslogtreecommitdiff
path: root/comms/xisp
diff options
context:
space:
mode:
authorspz <spz@pkgsrc.org>2010-01-21 19:54:33 +0000
committerspz <spz@pkgsrc.org>2010-01-21 19:54:33 +0000
commitcafbf18a2ddeac6b959a0ee88c926addb7a91739 (patch)
treeb48559f78b0ffc741193393ffd553db0a4fef0e6 /comms/xisp
parentdb2414ddb5c8a14b91cfaf151ae72fb0601dff78 (diff)
downloadpkgsrc-cafbf18a2ddeac6b959a0ee88c926addb7a91739.tar.gz
security update:
BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3. It addresses a potential cache poisoning vulnerability, in which data in the additional section of a response could be cached without proper DNSSEC validation. Changes since 9.4.3-P3: 2772. [security] When validating, track whether pending data was from the additional section or not and only return it if validates as secure. [RT #20438] BIND 9.4.3-P5 is a SECURITY PATCH for BIND 9.4.3. It addresses two potential cache poisoning vulnerabilities, both of which could allow a validating recursive nameserver to cache data which had not been authenticated or was invalid. CVE identifiers: CVE-2009-4022, CVE-2010-0097 CERT advisories: VU#418861, VU#360341 Changes since 9.4.3-P4: 2831. [security] Do not attempt to validate or cache out-of-bailiwick data returned with a secure answer; it must be re-fetched from its original source and validated in that context. [RT #20819] 2828. [security] Cached CNAME or DNAME RR could be returned to clients without DNSSEC validation. [RT #20737] 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
Diffstat (limited to 'comms/xisp')
0 files changed, 0 insertions, 0 deletions