cvs commit: src/contrib/bind9 - Imported sources

Doug Barton dougb at FreeBSD.org
Sat Nov 4 07:53:31 UTC 2006


dougb       2006-11-04 07:53:26 UTC

  FreeBSD src repository

  src/contrib/bind9 - Imported sources
  Update of /home/ncvs/src/contrib/bind9
  In directory repoman.freebsd.org:/tmp/cvs-serv28030
  
  Log Message:
  Update to version 9.3.2-P2, which addresses the vulnerability
  announced by ISC dated 31 October (delivered via e-mail to the
  bind-announce at isc.org list on 2 November):
  
  Description:
          Because of OpenSSL's recently announced vulnerabilities
          (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
          we are announcing this workaround and releasing patches.  A proof of
          concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
  
          OpenSSL is required to use DNSSEC with BIND.
  
  Fix for version 9.3.2-P1 and lower:
          Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and
          RSAMD5 keys for all old keys using the old default exponent
          and perform a key rollover to these new keys.
  
          These versions also change the default RSA exponent to be
          65537 which is not vulnerable to the attacks described in
          CAN-2006-4339.
  
  Status:
  
  Vendor Tag:	ISC
  Release Tags:	BIND_9_3_2_P2
  		
  U src/contrib/bind9/version
  U src/contrib/bind9/configure.in
  U src/contrib/bind9/CHANGES
  U src/contrib/bind9/bin/named/query.c
  U src/contrib/bind9/lib/dns/resolver.c
  U src/contrib/bind9/lib/dns/opensslrsa_link.c
  
  No conflicts created by this import
  


More information about the cvs-all mailing list