FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  363221
Date:      2014-07-28
Time:      18:38:13Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
53a0ddef-0208-11e2-8afa-0024e830109bdns/bind9* -- Several vulnerabilities

ISC reports:

Prevents a crash when queried for a record whose RDATA exceeds 65535 bytes.

Prevents a crash when validating caused by using "Bad cache" data before it has been initialized.

ISC_QUEUE handling for recursive clients was updated to address a race condition that could cause a memory leak. This rarely occurred with UDP clients, but could be a significant problem for a server handling a steady rate of TCP queries.

A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process.


Discovery 2012-09-12
Entry 2012-09-18
bind99
lt 9.9.1.3

bind98
lt 9.8.3.3

bind97
lt 9.7.6.3

bind96
lt 9.6.3.1.ESV.R7.3


72f35727-ce83-11e2-be04-005056a37f68dns/bind9* -- A recursive resolver can be crashed by a query for a malformed zone

ISC reports:

A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c.


Discovery 2013-06-04
Entry 2013-06-06
Modified 2013-06-07
bind99
gt 9.9.3 lt 9.9.3.1

bind99-base
gt 9.9.3 lt 9.9.3.1

bind98
gt 9.8.5 lt 9.8.5.1

bind98-base
gt 9.8.5 lt 9.8.5.1

bind96
gt 9.6.3.1.ESV.R9 lt 9.6.3.2.ESV.R9

bind96-base
gt 9.6.3.1.ESV.R9 lt 9.6.3.2.ESV.R9

CVE-2013-3919
57a700f9-12c0-11e2-9f86-001d923933b6dns/bind9* -- crash on deliberately constructed combination of records

ISC reports:

A deliberately constructed combination of records could cause named to hang while populating the additional section of a response.


Discovery 2012-09-26
Entry 2012-10-10
bind99
lt 9.9.1.4

bind98
lt 9.8.3.4

bind97
lt 9.7.6.4

bind96
lt 9.6.3.1.ESV.R7.4

CVE-2012-5166
57a700f9-12c0-11e2-9f86-001d923933b6dns/bind9* -- crash on deliberately constructed combination of records

ISC reports:

A deliberately constructed combination of records could cause named to hang while populating the additional section of a response.


Discovery 2012-09-26
Entry 2012-10-10
bind99
lt 9.9.1.4

bind98
lt 9.8.3.4

bind97
lt 9.7.6.4

bind96
lt 9.6.3.1.ESV.R7.4

CVE-2012-5166