From owner-svn-ports-head@FreeBSD.ORG Wed Dec 5 07:46:05 2012 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1A0C1B9E; Wed, 5 Dec 2012 07:46:05 +0000 (UTC) (envelope-from erwin@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id F30EE8FC0C; Wed, 5 Dec 2012 07:46:04 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qB57k4GF098752; Wed, 5 Dec 2012 07:46:04 GMT (envelope-from erwin@svn.freebsd.org) Received: (from erwin@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id qB57k34n098746; Wed, 5 Dec 2012 07:46:03 GMT (envelope-from erwin@svn.freebsd.org) Message-Id: <201212050746.qB57k34n098746@svn.freebsd.org> From: Erwin Lansing Date: Wed, 5 Dec 2012 07:46:03 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r308317 - in head: dns/bind98 dns/bind99 security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Dec 2012 07:46:05 -0000 Author: erwin Date: Wed Dec 5 07:46:03 2012 New Revision: 308317 URL: http://svnweb.freebsd.org/changeset/ports/308317 Log: Update to the latest patch level from ISC: BIND 9 nameservers using the DNS64 IPv6 transition mechanism are vulnerable to a software defect that allows a crafted query to crash the server with a REQUIRE assertion failure. Remote exploitation of this defect can be achieved without extensive effort, resulting in a denial-of-service (DoS) vector against affected servers. Security: 2892a8e2-3d68-11e2-8e01-0800273fe665 CVE-2012-5688 Feature safe: yes Modified: head/dns/bind98/Makefile head/dns/bind98/distinfo head/dns/bind99/Makefile head/dns/bind99/distinfo head/security/vuxml/vuln.xml Modified: head/dns/bind98/Makefile ============================================================================== --- head/dns/bind98/Makefile Wed Dec 5 07:28:55 2012 (r308316) +++ head/dns/bind98/Makefile Wed Dec 5 07:46:03 2012 (r308317) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= bind98 -PORTVERSION= 9.8.4 +PORTVERSION= 9.8.4.1 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} @@ -11,7 +11,7 @@ MAINTAINER= erwin@FreeBSD.org COMMENT= BIND DNS suite with updated DNSSEC and DNS64 # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.8.4 +ISCVERSION= 9.8.4-P1 MAKE_JOBS_UNSAFE= yes Modified: head/dns/bind98/distinfo ============================================================================== --- head/dns/bind98/distinfo Wed Dec 5 07:28:55 2012 (r308316) +++ head/dns/bind98/distinfo Wed Dec 5 07:46:03 2012 (r308317) @@ -1,4 +1,2 @@ -SHA256 (bind-9.8.4.tar.gz) = fdc378b04af99ed3a4cb82a4b0142fdd751fda568e1f7c7e95eab16ef63cac84 -SIZE (bind-9.8.4.tar.gz) = 7141026 -SHA256 (bind-9.8.4.tar.gz.asc) = dfe508f85143823d024dd4759a36a9a5298c0948fd783679d0f42a557e3663af -SIZE (bind-9.8.4.tar.gz.asc) = 490 +SHA256 (bind-9.8.4-P1.tar.gz) = 60c979575bf6288570cb4e3e9ab9d99bb93a55d2a4946ce277f6e6e642dda21f +SIZE (bind-9.8.4-P1.tar.gz) = 7129321 Modified: head/dns/bind99/Makefile ============================================================================== --- head/dns/bind99/Makefile Wed Dec 5 07:28:55 2012 (r308316) +++ head/dns/bind99/Makefile Wed Dec 5 07:46:03 2012 (r308317) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= bind99 -PORTVERSION= 9.9.2 +PORTVERSION= 9.9.2.1 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} @@ -11,7 +11,7 @@ MAINTAINER= erwin@FreeBSD.org COMMENT= BIND DNS suite with updated DNSSEC and DNS64 # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.9.2 +ISCVERSION= 9.9.2-P1 MAKE_JOBS_UNSAFE= yes Modified: head/dns/bind99/distinfo ============================================================================== --- head/dns/bind99/distinfo Wed Dec 5 07:28:55 2012 (r308316) +++ head/dns/bind99/distinfo Wed Dec 5 07:46:03 2012 (r308317) @@ -1,4 +1,2 @@ -SHA256 (bind-9.9.2.tar.gz) = 7e6530b198d512e27a856bbd7426b1a3c47fd55d06d667adb66f760259009b48 -SIZE (bind-9.9.2.tar.gz) = 7285050 -SHA256 (bind-9.9.2.tar.gz.asc) = d759edfd7c69bdc037e368d3e52a508a1ccc3e5d5e95ead62b461afdb24729d9 -SIZE (bind-9.9.2.tar.gz.asc) = 490 +SHA256 (bind-9.9.2-P1.tar.gz) = 4bce7c020402623333b655be5167ae8c52f30a6bfe9750caa3ab70da7d90219c +SIZE (bind-9.9.2-P1.tar.gz) = 7277498 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Dec 5 07:28:55 2012 (r308316) +++ head/security/vuxml/vuln.xml Wed Dec 5 07:46:03 2012 (r308317) @@ -51,6 +51,48 @@ Note: Please add new entries to the beg --> + + dns/bind9* -- servers using DNS64 can be crashed by a crafted query + + + bind99 + 9.9.2.1 + + + bind99-base + 9.9.2.1 + + + bind98 + 9.8.4.1 + + + bind98-base + 9.8.4.1 + + + + +

ISC reports:

+
+

BIND 9 nameservers using the DNS64 IPv6 transition mechanism are + vulnerable to a software defect that allows a crafted query to + crash the server with a REQUIRE assertion failure. Remote + exploitation of this defect can be achieved without extensive + effort, resulting in a denial-of-service (DoS) vector against + affected servers.

+
+ + + + CVE-2012-5688 + + + 2012-11-27 + 2012-12-04 + + + bogofilter -- heap corruption by invalid base64 input