diff options
| author | Doug Barton <dougb@FreeBSD.org> | 2011-05-28 00:21:28 +0000 |
|---|---|---|
| committer | Doug Barton <dougb@FreeBSD.org> | 2011-05-28 00:21:28 +0000 |
| commit | 37bb75f74000255f3ea6c7c2d2e9ddae3075c19f (patch) | |
| tree | b74697c394b9c5dace073b5174bc5cb33161ac8b /contrib/bind9/bin/dnssec/dnssec-keygen.c | |
| parent | 7faf44ba96b9bb769c10022e2647be2522b9a1ed (diff) | |
| parent | dcdfcb5422f2154aa1be713ad454590f1ab6724b (diff) | |
Upgrade to 9.6-ESV-R4-P1, which address the following issues:
1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.
This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.
2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.
Add a patch provided by ru@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.
Notes
Notes:
svn path=/head/; revision=222395
Diffstat (limited to 'contrib/bind9/bin/dnssec/dnssec-keygen.c')
| -rw-r--r-- | contrib/bind9/bin/dnssec/dnssec-keygen.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/bind9/bin/dnssec/dnssec-keygen.c b/contrib/bind9/bin/dnssec/dnssec-keygen.c index 2b9a863b7d46..21841227d439 100644 --- a/contrib/bind9/bin/dnssec/dnssec-keygen.c +++ b/contrib/bind9/bin/dnssec/dnssec-keygen.c @@ -29,7 +29,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-keygen.c,v 1.81.48.2 2010/01/15 23:47:31 tbox Exp $ */ +/* $Id: dnssec-keygen.c,v 1.81.48.2 2010-01-15 23:47:31 tbox Exp $ */ /*! \file */ |