[Bug 230182] [MAINTAINER] dns/nsd upgrade to version 4.1.23
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jul 30 08:50:40 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230182
Bug ID: 230182
Summary: [MAINTAINER] dns/nsd upgrade to version 4.1.23
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs at FreeBSD.org
Reporter: jaap at NLnetLabs.nl
Attachment #195626 maintainer-approval+
Flags:
Created attachment 195626
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=195626&action=edit
patch to upgrade
NSD versions 4.1.22 and before are vulnerable in comparing TSIG
information and this can be used to discover a TSIG secret.
NSD uses TSIG to protect zone transfers. The TSIG code uses a secret
key to protect the data. The secret key is shared with both sides of
the zone transfer connection. The comparison code in NSD was not time
insensitive, causing the potential for an attacker to use timing
information to discover data about the key contents.
NSD versions from 2.2.0 to 4.1.22 are vulnerable. Upgrade to 4.1.23 or
newer to get the fix.
There is no known exploit.
It was reported by Ondrej Sury (ISC).
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list