cvs commit: src/contrib/bind9 CHANGES README version
src/contrib/bind9/bin/named client.c src/contrib/bind9/lib/dns
dispatch.c src/contrib/bind9/lib/dns/include/dns dispatch.h
Doug Barton
dougb at FreeBSD.org
Wed Jul 25 08:24:40 UTC 2007
dougb 2007-07-25 08:24:40 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_5)
contrib/bind9 CHANGES README version
contrib/bind9/bin/named client.c
contrib/bind9/lib/dns dispatch.c
contrib/bind9/lib/dns/include/dns dispatch.h
Log:
Update to 9.3.4-P1, which fixes the following:
The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.
This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.
All users are encouraged to upgrade.
See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
Revision Changes Path
1.1.1.2.2.8 +12 -0 src/contrib/bind9/CHANGES
1.1.1.1.2.6 +4 -0 src/contrib/bind9/README
1.1.1.1.2.5 +9 -1 src/contrib/bind9/bin/named/client.c
1.1.1.1.2.3 +448 -50 src/contrib/bind9/lib/dns/dispatch.c
1.1.1.1.2.2 +8 -1 src/contrib/bind9/lib/dns/include/dns/dispatch.h
1.1.1.2.2.8 +3 -3 src/contrib/bind9/version
More information about the cvs-src
mailing list