Date: Wed, 2 Nov 2016 08:01:42 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r425120 - head/security/vuxml Message-ID: <201611020801.uA281ghY092373@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Wed Nov 2 08:01:42 2016 New Revision: 425120 URL: https://svnweb.freebsd.org/changeset/ports/425120 Log: Document BIND remote DoS vulnerability. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Nov 2 07:19:28 2016 (r425119) +++ head/security/vuxml/vuln.xml Wed Nov 2 08:01:42 2016 (r425120) @@ -58,6 +58,52 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="0b8d01a4-a0d2-11e6-9ca2-d050996490d0"> + <topic>BIND -- Remote Denial of Service vulnerability</topic> + <affects> + <package> + <name>bind99</name> + <range><lt>9.9.9P4</lt></range> + </package> + <package> + <name>bind910</name> + <range><lt>9.10.4P4</lt></range> + </package> + <package> + <name>bind911</name> + <range><lt>9.11.0P1</lt></range> + </package> + <package> + <name>bind9-devel</name> + <range><gt>0</gt></range> + </package> + <package> + <name>FreeBSD</name> + <range><ge>9.3</ge><lt>9.3_50</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ISC reports:</p> + <blockquote cite="https://kb.isc.org/article/AA-01434/"> + <p>A defect in BIND's handling of responses containing + a DNAME answer can cause a resolver to exit after + encountering an assertion failure in db.c or + resolver.c</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-8864</cvename> + <freebsdsa>SA-16:34.bind</freebsdsa> + <url>https://kb.isc.org/article/AA-01434/</url> + </references> + <dates> + <discovery>2016-11-01</discovery> + <entry>2016-11-02</entry> + </dates> + </vuln> + <vuln vid="f4bf713f-6ac7-4b76-8980-47bf90c5419f"> <topic>memcached -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201611020801.uA281ghY092373>