projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 996773d) | patch
bind: Update to version 9.11.3 and optionally support eddsa for dnssec
authorNoah Meyerhans <frodo@morgul.net>
Thu, 14 Jun 2018 00:25:38 +0000 (17:25 -0700)
committerNoah Meyerhans <frodo@morgul.net>
Thu, 14 Jun 2018 04:46:03 +0000 (21:46 -0700)
commit037f1def7d0da79868e0e303996d9fb14efb54ac
treee866422f9d6f3adb1ee5d60081bf1419de529e9btree | snapshot
parent996773d366742bf04555fa275fdf42275897f109commit | diff
bind: Update to version 9.11.3 and optionally support eddsa for dnssec

EdDSA support is optional and currently defaults to being disabled.

The following security issues are addressed with this update:

  * An error in TSIG handling could permit unauthorized zone transfers
    or zone updates. These flaws are disclosed in CVE-2017-3142 and
    CVE-2017-3143.
  * The BIND installer on Windows used an unquoted service path, which
    can enable privilege escalation. This flaw is disclosed in
    CVE-2017-3141.
  * With certain RPZ configurations, a response with TTL 0 could cause
    named to go into an infinite query loop. This flaw is disclosed in
    CVE-2017-3140.
  * Addresses could be referenced after being freed during resolver
    processing, causing an assertion failure. The chances of this
    happening were remote, but the introduction of a delay in
    resolution increased them. This bug is disclosed in CVE-2017-3145.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
net/bind/Config.in diff | blob | history
net/bind/Makefile diff | blob | history
Mirror of packages feed