Date: Tue, 24 Jul 2007 22:02:16 +0000 (UTC) From: Doug Barton <dougb@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/dns/bind94 Makefile distinfo Message-ID: <200707242202.l6OM2GIb003943@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
dougb 2007-07-24 22:02:16 UTC
FreeBSD ports repository
Modified files:
dns/bind94 Makefile distinfo
Log:
Update to 9.4.1-P1, which has fixes for the following:
1. The default access control lists (acls) are not being
correctly set. If not set anyone can make recursive queries
and/or query the cache contents.
See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
2. The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.
This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.
All users are encouraged to upgrade.
See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
Revision Changes Path
1.80 +2 -2 ports/dns/bind94/Makefile
1.45 +6 -6 ports/dns/bind94/distinfo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707242202.l6OM2GIb003943>