svn commit: r195935 - in releng: 6.3 6.3/contrib/bind9/bin/named
6.3/sys/conf 6.4 6.4/contrib/bind9/bin/named 6.4/sys/conf 7.1
7.1/contrib/bind9/bin/named 7.1/sys/conf 7.2
7.2/contrib/bind9/bin/nam...
Simon L. Nielsen
simon at FreeBSD.org
Wed Jul 29 00:14:15 UTC 2009
Author: simon
Date: Wed Jul 29 00:14:14 2009
New Revision: 195935
URL: http://svn.freebsd.org/changeset/base/195935
Log:
Fix BIND named(8) dynamic update message remote DoS.
Obtained from: ISC
Security: FreeBSD-SA-09:12.bind
Security: CVE-2009-0696
Approved by: so (simon)
Modified:
releng/6.3/UPDATING
releng/6.3/contrib/bind9/bin/named/update.c
releng/6.3/sys/conf/newvers.sh
releng/6.4/UPDATING
releng/6.4/contrib/bind9/bin/named/update.c
releng/6.4/sys/conf/newvers.sh
releng/7.1/UPDATING
releng/7.1/contrib/bind9/bin/named/update.c
releng/7.1/sys/conf/newvers.sh
releng/7.2/UPDATING
releng/7.2/contrib/bind9/bin/named/update.c
releng/7.2/sys/conf/newvers.sh
Modified: releng/6.3/UPDATING
==============================================================================
--- releng/6.3/UPDATING Wed Jul 29 00:13:47 2009 (r195934)
+++ releng/6.3/UPDATING Wed Jul 29 00:14:14 2009 (r195935)
@@ -8,6 +8,9 @@ Items affecting the ports and packages s
/usr/ports/UPDATING. Please read that file before running
portupgrade.
+20090729: p12 FreeBSD-SA-09:12.bind
+ Fix BIND named(8) dynamic update message remote DoS.
+
20090610: p11 FreeBSD-SA-09:09.pipe, FreeBSD-SA-09:10.ipv6,
FreeBSD-SA-09:11.ntpd
Prevent integer overflow in direct pipe write code from circumventing
Modified: releng/6.3/contrib/bind9/bin/named/update.c
==============================================================================
--- releng/6.3/contrib/bind9/bin/named/update.c Wed Jul 29 00:13:47 2009 (r195934)
+++ releng/6.3/contrib/bind9/bin/named/update.c Wed Jul 29 00:14:14 2009 (r195935)
@@ -859,7 +859,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *
if (type == dns_rdatatype_rrsig ||
type == dns_rdatatype_sig)
covers = dns_rdata_covers(&t->rdata);
- else
+ else if (type == dns_rdatatype_any) {
+ dns_db_detachnode(db, &node);
+ dns_diff_clear(&trash);
+ return (DNS_R_NXRRSET);
+ } else
covers = 0;
/*
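Review bot: The new `else if (type == dns_rdatatype_any)` branch in temp_check carries no comment saying why a record of type ANY is rejected at this point, although it is the whole security fix. From the log message it presumably keeps an ANY-typed record in a dynamic update message from reaching the rdataset lookup further down; that lookup is outside the hunk, so this is inferred. I would put `/* Type ANY cannot be looked up as a single rdataset; fail the prerequisite here rather than pass it on. */` above the branch. The early return repeats the cleanup by hand (`dns_db_detachnode(db, &node); dns_diff_clear(&trash);`), so it has to stay in step with the function's other exit paths, which are not visible here, and the chain now mixes a braced branch with an unbraced `else covers = 0;`. The same points apply to the identical update.c hunks for releng/6.4, releng/7.1 and releng/7.2.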
Modified: releng/6.3/sys/conf/newvers.sh
==============================================================================
--- releng/6.3/sys/conf/newvers.sh Wed Jul 29 00:13:47 2009 (r195934)
+++ releng/6.3/sys/conf/newvers.sh Wed Jul 29 00:14:14 2009 (r195935)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="6.3"
-BRANCH="RELEASE-p11"
+BRANCH="RELEASE-p12"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/6.4/UPDATING
==============================================================================
--- releng/6.4/UPDATING Wed Jul 29 00:13:47 2009 (r195934)
+++ releng/6.4/UPDATING Wed Jul 29 00:14:14 2009 (r195935)
@@ -8,6 +8,9 @@ Items affecting the ports and packages s
/usr/ports/UPDATING. Please read that file before running
portupgrade.
+20090729: p6 FreeBSD-SA-09:12.bind
+ Fix BIND named(8) dynamic update message remote DoS.
+
20090610: p5 FreeBSD-SA-09:09.pipe, FreeBSD-SA-09:10.ipv6,
FreeBSD-SA-09:11.ntpd
Prevent integer overflow in direct pipe write code from circumventing
Modified: releng/6.4/contrib/bind9/bin/named/update.c
==============================================================================
--- releng/6.4/contrib/bind9/bin/named/update.c Wed Jul 29 00:13:47 2009 (r195934)
+++ releng/6.4/contrib/bind9/bin/named/update.c Wed Jul 29 00:14:14 2009 (r195935)
@@ -863,7 +863,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *
if (type == dns_rdatatype_rrsig ||
type == dns_rdatatype_sig)
covers = dns_rdata_covers(&t->rdata);
- else
+ else if (type == dns_rdatatype_any) {
+ dns_db_detachnode(db, &node);
+ dns_diff_clear(&trash);
+ return (DNS_R_NXRRSET);
+ } else
covers = 0;
/*
Modified: releng/6.4/sys/conf/newvers.sh
==============================================================================
--- releng/6.4/sys/conf/newvers.sh Wed Jul 29 00:13:47 2009 (r195934)
+++ releng/6.4/sys/conf/newvers.sh Wed Jul 29 00:14:14 2009 (r195935)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="6.4"
-BRANCH="RELEASE-p5"
+BRANCH="RELEASE-p6"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/7.1/UPDATING
==============================================================================
--- releng/7.1/UPDATING Wed Jul 29 00:13:47 2009 (r195934)
+++ releng/7.1/UPDATING Wed Jul 29 00:14:14 2009 (r195935)
@@ -8,6 +8,9 @@ Items affecting the ports and packages s
/usr/ports/UPDATING. Please read that file before running
portupgrade.
+20090729: p7 FreeBSD-SA-09:12.bind
+ Fix BIND named(8) dynamic update message remote DoS.
+
20090610: p6 FreeBSD-SA-09:09.pipe, FreeBSD-SA-09:10.ipv6,
FreeBSD-SA-09:11.ntpd
Prevent integer overflow in direct pipe write code from circumventing
Modified: releng/7.1/contrib/bind9/bin/named/update.c
==============================================================================
--- releng/7.1/contrib/bind9/bin/named/update.c Wed Jul 29 00:13:47 2009 (r195934)
+++ releng/7.1/contrib/bind9/bin/named/update.c Wed Jul 29 00:14:14 2009 (r195935)
@@ -861,7 +861,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *
if (type == dns_rdatatype_rrsig ||
type == dns_rdatatype_sig)
covers = dns_rdata_covers(&t->rdata);
- else
+ else if (type == dns_rdatatype_any) {
+ dns_db_detachnode(db, &node);
+ dns_diff_clear(&trash);
+ return (DNS_R_NXRRSET);
+ } else
covers = 0;
/*
Modified: releng/7.1/sys/conf/newvers.sh
==============================================================================
--- releng/7.1/sys/conf/newvers.sh Wed Jul 29 00:13:47 2009 (r195934)
+++ releng/7.1/sys/conf/newvers.sh Wed Jul 29 00:14:14 2009 (r195935)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="7.1"
-BRANCH="RELEASE-p6"
+BRANCH="RELEASE-p7"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/7.2/UPDATING
==============================================================================
--- releng/7.2/UPDATING Wed Jul 29 00:13:47 2009 (r195934)
+++ releng/7.2/UPDATING Wed Jul 29 00:14:14 2009 (r195935)
@@ -8,6 +8,9 @@ Items affecting the ports and packages s
/usr/ports/UPDATING. Please read that file before running
portupgrade.
+20090729: p3 FreeBSD-SA-09:12.bind
+ Fix BIND named(8) dynamic update message remote DoS.
+
20090624: p2 FreeBSD-EN-09:02.bce, FreeBSD-EN-09:03.fxp,
FreeBSD-EN-09:04.fork
Fix packet length calculation in bce(4). [EN-09:02]
Modified: releng/7.2/contrib/bind9/bin/named/update.c
==============================================================================
--- releng/7.2/contrib/bind9/bin/named/update.c Wed Jul 29 00:13:47 2009 (r195934)
+++ releng/7.2/contrib/bind9/bin/named/update.c Wed Jul 29 00:14:14 2009 (r195935)
@@ -865,7 +865,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *
if (type == dns_rdatatype_rrsig ||
type == dns_rdatatype_sig)
covers = dns_rdata_covers(&t->rdata);
- else
+ else if (type == dns_rdatatype_any) {
+ dns_db_detachnode(db, &node);
+ dns_diff_clear(&trash);
+ return (DNS_R_NXRRSET);
+ } else
covers = 0;
/*
Modified: releng/7.2/sys/conf/newvers.sh
==============================================================================
--- releng/7.2/sys/conf/newvers.sh Wed Jul 29 00:13:47 2009 (r195934)
+++ releng/7.2/sys/conf/newvers.sh Wed Jul 29 00:14:14 2009 (r195935)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="7.2"
-BRANCH="RELEASE-p2"
+BRANCH="RELEASE-p3"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi