svn commit: r195936 - in head/contrib/bind9: . bin/named

Doug Barton dougb at FreeBSD.org
Wed Jul 29 00:15:40 UTC 2009


Author: dougb
Date: Wed Jul 29 00:15:39 2009
New Revision: 195936
URL: http://svn.freebsd.org/changeset/base/195936

Log:
  Update to version 9.6.1-P1 which addresses a remote DoS vulnerability:
  
  	Receipt of a specially-crafted dynamic update message may
  	cause BIND 9 servers to exit. This vulnerability affects all
  	servers -- it is not limited to those that are configured to
  	allow dynamic updates. Access controls will not provide an
  	effective workaround.
  
  More details can be found here: https://www.isc.org/node/474
  
  All BIND users are encouraged to update to a patched version ASAP.
  
  Approved by:	re (re -> SO -> dougb)

Modified:
  head/contrib/bind9/   (props changed)
  head/contrib/bind9/CHANGES
  head/contrib/bind9/bin/named/update.c
  head/contrib/bind9/version

Modified: head/contrib/bind9/CHANGES
==============================================================================
--- head/contrib/bind9/CHANGES	Wed Jul 29 00:14:14 2009	(r195935)
+++ head/contrib/bind9/CHANGES	Wed Jul 29 00:15:39 2009	(r195936)
@@ -1,3 +1,7 @@
+	--- 9.6.1-P1 released ---
+
+2640.	[security]	A specially crafted update packet will cause named
+			to exit. [RT #20000]
 
 	--- 9.6.1 released ---
 

Modified: head/contrib/bind9/bin/named/update.c
==============================================================================
--- head/contrib/bind9/bin/named/update.c	Wed Jul 29 00:14:14 2009	(r195935)
+++ head/contrib/bind9/bin/named/update.c	Wed Jul 29 00:15:39 2009	(r195936)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.c,v 1.151.12.5 2009/04/30 07:03:37 marka Exp $ */
+/* $Id: update.c,v 1.151.12.5.12.1 2009/07/28 14:18:08 marka Exp $ */
 
 #include <config.h>
 
@@ -979,7 +979,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *
 			if (type == dns_rdatatype_rrsig ||
 			    type == dns_rdatatype_sig)
 				covers = dns_rdata_covers(&t->rdata);
-			else
+			else if (type == dns_rdatatype_any) {
+				dns_db_detachnode(db, &node);
+				dns_diff_clear(&trash);
+				return (DNS_R_NXRRSET);
+			} else
 				covers = 0;
 
 			/*
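
Review bot: The new `else if (type == dns_rdatatype_any)` branch in temp_check() carries no comment saying why a tuple of type ANY must be rejected here, and the CHANGES entry only says "specially crafted update packet". A short comment above the branch stating what goes wrong further down when the type is ANY would keep a later refactor from dropping the check. The early return also does its own cleanup (`dns_db_detachnode(db, &node);` and `dns_diff_clear(&trash);`). The rest of the function is not visible in this hunk, so confirm that nothing else acquired earlier on this path needs releasing. On style, the chain now mixes a braced `else if` with unbraced `if` and `else` arms, and bracing all three would read more consistently. The list of modified files shows no regression test for the ANY case, and one would be worth adding.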

Modified: head/contrib/bind9/version
==============================================================================
--- head/contrib/bind9/version	Wed Jul 29 00:14:14 2009	(r195935)
+++ head/contrib/bind9/version	Wed Jul 29 00:15:39 2009	(r195936)
@@ -1,4 +1,4 @@
-# $Id: version,v 1.43.12.5 2009/06/04 04:02:41 marka Exp $
+# $Id: version,v 1.43.12.5.8.1 2009/07/28 14:18:08 marka Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -6,5 +6,5 @@
 MAJORVER=9
 MINORVER=6
 PATCHVER=1
-RELEASETYPE=
-RELEASEVER=
+RELEASETYPE=-P
+RELEASEVER=1

