freebsd-src

Clone
Source Code
GIT

a02f92e Update to version 9.3.2-P2, which addresses the vulnerability

Authored and Committed by Doug Barton 17 years ago
raw patch tree parent
6 files changed. 122 lines added. 44 lines removed.
contrib/bind9/CHANGES
file modified
+15 -0
contrib/bind9/bin/named/query.c
file modified
+2 -2
contrib/bind9/configure.in
file modified
+46 -34
contrib/bind9/lib/dns/opensslrsa_link.c
file modified
+55 -4
contrib/bind9/lib/dns/resolver.c
file modified
+2 -2
contrib/bind9/version
file modified
+2 -2 
    Update to version 9.3.2-P2, which addresses the vulnerability
    announced by ISC dated 31 October (delivered via e-mail to the
    bind-announce@isc.org list on 2 November):
    
    Description:
            Because of OpenSSL's recently announced vulnerabilities
            (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
            we are announcing this workaround and releasing patches.  A proof of
            concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
    
            OpenSSL is required to use DNSSEC with BIND.
    
    Fix for version 9.3.2-P1 and lower:
            Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and
            RSAMD5 keys for all old keys using the old default exponent
            and perform a key rollover to these new keys.
    
            These versions also change the default RSA exponent to be
            65537 which is not vulnerable to the attacks described in
            CAN-2006-4339.
file modified
+15 -0
file modified
+2 -2
file modified
+46 -34
file modified
+55 -4
file modified
+2 -2
file modified
+2 -2
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.