Date: Mon, 30 Jul 2018 08:50:37 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 230182] [MAINTAINER] dns/nsd upgrade to version 4.1.23
Message-ID: <bug-230182-7788@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230182

Bug ID: 230182
Summary: [MAINTAINER] dns/nsd upgrade to version 4.1.23
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs@FreeBSD.org
Reporter: jaap@NLnetLabs.nl
Attachment #195626 Flags: maintainer-approval+

Created attachment 195626
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=195626&action=edit
patch to upgrade

NSD versions 4.1.22 and before are vulnerable in comparing TSIG information and this can be used to discover a TSIG secret.

NSD uses TSIG to protect zone transfers. The TSIG code uses a secret key to protect the data. The secret key is shared with both sides of the zone transfer connection. The comparison code in NSD was not time insensitive, causing the potential for an attacker to use timing information to discover data about the key contents.

NSD versions from 2.2.0 to 4.1.22 are vulnerable. Upgrade to 4.1.23 or newer to get the fix.

There is no known exploit. It was reported by Ondrej Sury (ISC).

-- 
You are receiving this mail because:
You are the assignee for the bug.
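
The timing-sensitive comparison described in the report, as an added example that is not part of the original message and is not NSD's code: an early-exit byte comparison does an amount of work that depends on how many leading bytes of a submitted MAC are correct, while a constant-time comparison does the same work for every input. All function names and the 32-byte sample value are constructed for illustration; the count of bytes examined stands in for measured running time.

```c
#include <stddef.h>
#include <stdio.h>

/* Added illustration with hypothetical names; not NSD's code.
 * Early-exit comparison in the style of memcmp(): stops at the first
 * differing byte, so the work done reveals the matching prefix length. */
static int leaky_mac_equal(const unsigned char *a, const unsigned char *b,
                           size_t len, size_t *examined)
{
    size_t i;
    for (i = 0; i < len && a[i] == b[i]; i++)
        ;
    *examined = i < len ? i + 1 : len;  /* bytes read before returning */
    return i == len;
}

/* Constant-time comparison: every byte is read and the differences are
 * OR-ed together, so the work is independent of where the inputs differ. */
static int ct_mac_equal(const unsigned char *a, const unsigned char *b,
                        size_t len, size_t *examined)
{
    volatile unsigned char diff = 0;
    size_t i;
    for (i = 0; i < len; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    *examined = len;
    return diff == 0;
}

/* Constructed sample: 32 bytes standing in for the expected MAC. */
static size_t work_for_prefix(int constant_time, size_t correct_prefix)
{
    unsigned char expected[32], guess[32];
    size_t i, examined = 0;
    for (i = 0; i < sizeof expected; i++) {
        expected[i] = (unsigned char)(0xA0 + i);
        guess[i] = i < correct_prefix ? expected[i] : (unsigned char)~expected[i];
    }
    (constant_time ? ct_mac_equal : leaky_mac_equal)(expected, guess, sizeof expected, &examined);
    return examined;
}

int main(void)
{
    for (size_t k = 0; k <= 32; k += 8)
        printf("correct prefix %2zu: early-exit read %2zu bytes, constant-time %2zu\n",
               k, work_for_prefix(0, k), work_for_prefix(1, k));
    return 0;
}
```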