FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

I am looking for an LTO tape library. Do you have one to spare?
Commit found by message id
Tue, 5 Jul 2011
[ 21:19:20 dougb ] Original commit 
bind98 dns  Deprecated Expiration Date files touched by this commit  An older version of this port was marked as vulnerable. BIND DNS suite with updated DNSSEC and DNS64
Update to versions 9.8.0-P4, 9.7.3-P3, and 9.6-ESV-R4-P3.

ALL BIND USERS ENCOURAGED TO UPGRADE IMMEDIATELY

This update addresses the following vulnerabilities:

CVE-2011-2464
=============
Severity:       High
Exploitable:    Remotely

Description:

A defect in the affected BIND 9 versions allows an attacker to remotely
cause the "named" process to exit using a specially crafted packet. This
defect affects both recursive and authoritative servers. The code location
of the defect makes it impossible to protect BIND using ACLs configured
within named.conf or by disabling any features at compile-time or run-time.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
https://www.isc.org/software/bind/advisories/cve-2011-2464

CVE-2011-2465
=============
Severity:       High
Exploitable:    Remotely

Description:

A defect in the affected versions of BIND could cause the "named" process
to exit when queried, if the server has recursion enabled and was
configured with an RPZ zone containing certain types of records.
Specifically, these are any DNAME record and certain kinds of CNAME
records.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2465
https://www.isc.org/software/bind/advisories/cve-2011-2465

Additional changes in this version:

* If named is configured to be both authoritative and resursive and
  receives a recursive query for a CNAME in a zone that it is
  authoritative for, if that CNAME also points to a zone the server
  is authoritative for, the recursive part of name will not follow
  the CNAME change and the response will not be a complete CNAME
  chain. [RT #24455]

  Thus the patch for this bug has been removed from the port

* Using Response Policy Zone (RPZ) to query a wildcard CNAME label
  with QUERY type SIG/RRSIG, it can cause named to crash. Fix is
  query type independant. [RT #24715] [CVE-2011-1907]

Number of ports [& non-ports] in this commit: 1

hide all files


3 files found
ActionRevisionLinksFile
modify 1.9 View diff View revision /ports/head/dns/bind98/Makefile
modify 1.7 View diff View revision /ports/head/dns/bind98/distinfo
remove 1.2 View revision /ports/head/dns/bind98/files/patch-bin__named__query.c
Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
phpmyadminSep 13
ossec-hids-clientSep 11
ossec-hids-localSep 11
ossec-hids-serverSep 11
chromiumSep 09
trafficserverSep 05
apache22*Sep 03
apache22-event-mpm*Sep 03
apache22-itk-mpm*Sep 03
apache22-peruser-mpm*Sep 03
apache22-worker-mpm*Sep 03
chromiumAug 26
fileAug 21
py-djangoAug 21
py-django-develAug 21

5 vulnerabilities affecting 12 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds


Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 24088
Broken 121
Deprecated 88
Ignore 385
Forbidden 17
Restricted 203
No CDROM 94
Vulnerable 21
Expired 1
Set to expire 83
Interactive 0
new 24 hours 1
new 48 hours4
new 7 days50
new fortnight135
new month246


Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.