security update:

BIND 9.5.2-P2 is a SECURITY PATCH for BIND 9.5.2.  It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341

Changes since 9.5.2-P1:

2831.	[security]	Do not attempt to validate or cache
			out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]

2828.	[security]	Cached CNAME or DNAME RR could be returned to clients
			without DNSSEC validation. [RT #20737]

2827.	[security]	Bogus NXDOMAIN could be cached as if valid. [RT #20712]
This commit is contained in:
spz 2010-01-21 19:42:16 +00:00
parent 493c13c99e
commit 0b2a0db4dc
2 changed files with 6 additions and 7 deletions

View file

@ -1,8 +1,7 @@
# $NetBSD: Makefile,v 1.15 2010/01/17 12:02:30 wiz Exp $
# $NetBSD: Makefile,v 1.16 2010/01/21 19:42:16 spz Exp $
DISTNAME= bind-${BIND_VERSION}
PKGNAME= ${DISTNAME:S/-P/pl/}
PKGREVISION= 2
CATEGORIES= net
MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \
http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/
@ -17,7 +16,7 @@ CONFLICTS+= bind>=9.6.0
PKG_DESTDIR_SUPPORT= user-destdir
MAKE_JOBS_SAFE= no
BIND_VERSION= 9.5.2-P1
BIND_VERSION= 9.5.2-P2
# IPv6 ready, automatically detected
.include "../../mk/bsd.prefs.mk"

View file

@ -1,8 +1,8 @@
$NetBSD: distinfo,v 1.11 2009/11/30 11:58:30 tron Exp $
$NetBSD: distinfo,v 1.12 2010/01/21 19:42:16 spz Exp $
SHA1 (bind-9.5.2-P1.tar.gz) = 532d448554601cec13a645df812638d46fd41743
RMD160 (bind-9.5.2-P1.tar.gz) = 2e2872a06fc1d97e4bcecaea3fb4f009f83cdb2b
Size (bind-9.5.2-P1.tar.gz) = 6799718 bytes
SHA1 (bind-9.5.2-P2.tar.gz) = ffa6df6752976e6bdd05508c5cc5131ef9a097f1
RMD160 (bind-9.5.2-P2.tar.gz) = a0864dadb1af7268a0c54fed3bc178bd17abb55c
Size (bind-9.5.2-P2.tar.gz) = 6674868 bytes
SHA1 (patch-ab) = dd12c457791a75a8b43d9dfd0c0b236dcdbe31a5
SHA1 (patch-ac) = a2c24198044f8cf29198e08a1a10b7e4ea739c40
SHA1 (patch-ad) = 5c8af5a826e4f6891dfdf949b8a541ee33e16c3e