diff options
author | Doug Barton <dougb@FreeBSD.org> | 2009-07-29 00:15:39 +0000 |
---|---|---|
committer | Doug Barton <dougb@FreeBSD.org> | 2009-07-29 00:15:39 +0000 |
commit | 0df811a678955f88546d8479f0efb3659b9a970b (patch) | |
tree | 91c3bfa967d1a0c35239b4a2460a9ca40fa5025c /contrib | |
parent | a9bcca799e6ada27a98b8cc5506ee56d22dd9077 (diff) | |
parent | d5e9ae7e174c2efbbf724c173aa324efe94b7ccc (diff) | |
download | src-0df811a678955f88546d8479f0efb3659b9a970b.tar.gz src-0df811a678955f88546d8479f0efb3659b9a970b.zip |
Update to version 9.6.1-P1 which addresses a remote DoS vulnerability:
Receipt of a specially-crafted dynamic update message may
cause BIND 9 servers to exit. This vulnerability affects all
servers -- it is not limited to those that are configured to
allow dynamic updates. Access controls will not provide an
effective workaround.
More details can be found here: https://www.isc.org/node/474
All BIND users are encouraged to update to a patched version ASAP.
Approved by: re (re -> SO -> dougb)
Notes
Notes:
svn path=/head/; revision=195936
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/bind9/CHANGES | 4 | ||||
-rw-r--r-- | contrib/bind9/bin/named/update.c | 8 | ||||
-rw-r--r-- | contrib/bind9/version | 6 |
3 files changed, 13 insertions, 5 deletions
diff --git a/contrib/bind9/CHANGES b/contrib/bind9/CHANGES index 2fc7dff36876..1f2c35a14113 100644 --- a/contrib/bind9/CHANGES +++ b/contrib/bind9/CHANGES @@ -1,3 +1,7 @@ + --- 9.6.1-P1 released --- + +2640. [security] A specially crafted update packet will cause named + to exit. [RT #20000] --- 9.6.1 released --- diff --git a/contrib/bind9/bin/named/update.c b/contrib/bind9/bin/named/update.c index ff07311617c5..b0a556d5cc41 100644 --- a/contrib/bind9/bin/named/update.c +++ b/contrib/bind9/bin/named/update.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.151.12.5 2009/04/30 07:03:37 marka Exp $ */ +/* $Id: update.c,v 1.151.12.5.12.1 2009/07/28 14:18:08 marka Exp $ */ #include <config.h> @@ -979,7 +979,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, if (type == dns_rdatatype_rrsig || type == dns_rdatatype_sig) covers = dns_rdata_covers(&t->rdata); - else + else if (type == dns_rdatatype_any) { + dns_db_detachnode(db, &node); + dns_diff_clear(&trash); + return (DNS_R_NXRRSET); + } else covers = 0; /* diff --git a/contrib/bind9/version b/contrib/bind9/version index 1b3080fc6f78..3245f02d3fd8 100644 --- a/contrib/bind9/version +++ b/contrib/bind9/version @@ -1,4 +1,4 @@ -# $Id: version,v 1.43.12.5 2009/06/04 04:02:41 marka Exp $ +# $Id: version,v 1.43.12.5.8.1 2009/07/28 14:18:08 marka Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -6,5 +6,5 @@ MAJORVER=9 MINORVER=6 PATCHVER=1 -RELEASETYPE= -RELEASEVER= +RELEASETYPE=-P +RELEASEVER=1 |