[pkgsrc/trunk]: pkgsrc/net/bind9 security update:

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/net/bind9 security update:
From: spz <spz%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 08:52:19 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/5e8f4aac2a93
branches:  trunk
changeset: 569963:5e8f4aac2a93
user:      spz <spz%pkgsrc.org@localhost>
date:      Thu Jan 21 19:54:33 2010 +0000

description:
security update:
BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3.  It addresses a
potential cache poisoning vulnerability, in which data in the additional
section of a response could be cached without proper DNSSEC validation.

Changes since 9.4.3-P3:

2772.   [security]      When validating, track whether pending data was from
                        the additional section or not and only return it if
                        validates as secure. [RT #20438]

BIND 9.4.3-P5 is a SECURITY PATCH for BIND 9.4.3.  It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341

Changes since 9.4.3-P4:

2831.   [security]      Do not attempt to validate or cache
                        out-of-bailiwick data returned with a secure
                        answer; it must be re-fetched from its original
                        source and validated in that context. [RT #20819]

2828.   [security]      Cached CNAME or DNAME RR could be returned to clients
                        without DNSSEC validation. [RT #20737]

2827.   [security]      Bogus NXDOMAIN could be cached as if valid. [RT #20712]

diffstat:

 net/bind9/Makefile |  5 ++---
 net/bind9/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 7 deletions(-)

diffs (38 lines):

diff -r aa31e4d7cf2b -r 5e8f4aac2a93 net/bind9/Makefile
--- a/net/bind9/Makefile        Thu Jan 21 19:42:16 2010 +0000
+++ b/net/bind9/Makefile        Thu Jan 21 19:54:33 2010 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.111 2010/01/17 12:02:30 wiz Exp $
+# $NetBSD: Makefile,v 1.112 2010/01/21 19:54:33 spz Exp $
 
 DISTNAME=      bind-${BIND_VERSION}
 PKGNAME=       ${DISTNAME:S/-P3/pl3/}
-PKGREVISION=   2
 CATEGORIES=    net
 MASTER_SITES=  ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \
                http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/
@@ -16,7 +15,7 @@
 
 PKG_DESTDIR_SUPPORT=   user-destdir
 
-BIND_VERSION=  9.4.3-P3
+BIND_VERSION=  9.4.3-P5
 
 # IPv6 ready, automatically detected
 .include "../../mk/bsd.prefs.mk"
diff -r aa31e4d7cf2b -r 5e8f4aac2a93 net/bind9/distinfo
--- a/net/bind9/distinfo        Thu Jan 21 19:42:16 2010 +0000
+++ b/net/bind9/distinfo        Thu Jan 21 19:54:33 2010 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.45 2009/11/25 22:29:34 joerg Exp $
+$NetBSD: distinfo,v 1.46 2010/01/21 19:54:33 spz Exp $
 
-SHA1 (bind-9.4.3-P3.tar.gz) = 165b3ee52309ae4a483901db6992a979f6382ba7
-RMD160 (bind-9.4.3-P3.tar.gz) = 1e59f48f538141bb5c36fa58607ac4689cb6a161
-Size (bind-9.4.3-P3.tar.gz) = 6544968 bytes
+SHA1 (bind-9.4.3-P5.tar.gz) = 9b7f0bd84be0f91fe1085cedc91c7c14f1e0f97a
+RMD160 (bind-9.4.3-P5.tar.gz) = 680146e4120aaa89f2899d4205c17fee5e9e4aa9
+Size (bind-9.4.3-P5.tar.gz) = 6447497 bytes
 SHA1 (patch-ab) = dd12c457791a75a8b43d9dfd0c0b236dcdbe31a5
 SHA1 (patch-ac) = d862218c833dbb129b5104ad26872cd4bf3e7c5f
 SHA1 (patch-ad) = c788eae58f42ef94eed3f1c5ae09816c280a6a2e

Prev by Date: [pkgsrc/trunk]: pkgsrc/net/bind95 security update:
Next by Date: [pkgsrc/trunk]: pkgsrc Added LICENSE information.
Previous by Thread: [pkgsrc/trunk]: pkgsrc/net/bind95 security update:
Next by Thread: [pkgsrc/trunk]: pkgsrc Added LICENSE information.
Indexes:

Home | Main Index | Thread Index | Old Index