diff options
author | spz <spz@pkgsrc.org> | 2010-01-21 19:54:33 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2010-01-21 19:54:33 +0000 |
commit | cafbf18a2ddeac6b959a0ee88c926addb7a91739 (patch) | |
tree | b48559f78b0ffc741193393ffd553db0a4fef0e6 /net | |
parent | db2414ddb5c8a14b91cfaf151ae72fb0601dff78 (diff) | |
download | pkgsrc-cafbf18a2ddeac6b959a0ee88c926addb7a91739.tar.gz |
security update:
BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3. It addresses a
potential cache poisoning vulnerability, in which data in the additional
section of a response could be cached without proper DNSSEC validation.
Changes since 9.4.3-P3:
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
BIND 9.4.3-P5 is a SECURITY PATCH for BIND 9.4.3. It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.
CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341
Changes since 9.4.3-P4:
2831. [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]
2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]
2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
Diffstat (limited to 'net')
-rw-r--r-- | net/bind9/Makefile | 5 | ||||
-rw-r--r-- | net/bind9/distinfo | 8 |
2 files changed, 6 insertions, 7 deletions
diff --git a/net/bind9/Makefile b/net/bind9/Makefile index 92e552b137e..b6a57a760c7 100644 --- a/net/bind9/Makefile +++ b/net/bind9/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.111 2010/01/17 12:02:30 wiz Exp $ +# $NetBSD: Makefile,v 1.112 2010/01/21 19:54:33 spz Exp $ DISTNAME= bind-${BIND_VERSION} PKGNAME= ${DISTNAME:S/-P3/pl3/} -PKGREVISION= 2 CATEGORIES= net MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \ http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/ @@ -16,7 +15,7 @@ CONFLICTS+= bind>=9.5.0 PKG_DESTDIR_SUPPORT= user-destdir -BIND_VERSION= 9.4.3-P3 +BIND_VERSION= 9.4.3-P5 # IPv6 ready, automatically detected .include "../../mk/bsd.prefs.mk" diff --git a/net/bind9/distinfo b/net/bind9/distinfo index cd80ddba4dd..52deb6d0a8c 100644 --- a/net/bind9/distinfo +++ b/net/bind9/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.45 2009/11/25 22:29:34 joerg Exp $ +$NetBSD: distinfo,v 1.46 2010/01/21 19:54:33 spz Exp $ -SHA1 (bind-9.4.3-P3.tar.gz) = 165b3ee52309ae4a483901db6992a979f6382ba7 -RMD160 (bind-9.4.3-P3.tar.gz) = 1e59f48f538141bb5c36fa58607ac4689cb6a161 -Size (bind-9.4.3-P3.tar.gz) = 6544968 bytes +SHA1 (bind-9.4.3-P5.tar.gz) = 9b7f0bd84be0f91fe1085cedc91c7c14f1e0f97a +RMD160 (bind-9.4.3-P5.tar.gz) = 680146e4120aaa89f2899d4205c17fee5e9e4aa9 +Size (bind-9.4.3-P5.tar.gz) = 6447497 bytes SHA1 (patch-ab) = dd12c457791a75a8b43d9dfd0c0b236dcdbe31a5 SHA1 (patch-ac) = d862218c833dbb129b5104ad26872cd4bf3e7c5f SHA1 (patch-ad) = c788eae58f42ef94eed3f1c5ae09816c280a6a2e |