FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  527243
Date:      2020-02-27
Time:      10:23:32Z
Committer: fluffy

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d4c7e9a9-d893-11e6-9b4d-d050996490d0BIND -- multiple vulnerabilities

ISC reports:

A malformed query response received by a recursive server in response to a query of RTYPE ANY could trigger an assertion failure while named is attempting to add the RRs in the query response to the cache.

Depending on the type of query and the EDNS options in the query they receive, DNSSEC-enabled authoritative servers are expected to include RRSIG and other RRsets in their responses to recursive servers. DNSSEC-validating servers will also make specific queries for DS and other RRsets. Whether DNSSEC-validating or not, an error in processing malformed query responses that contain DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response can trigger an assertion failure. Although the combination of properties which triggers the assertion should not occur in normal traffic, it is potentially possible for the assertion to be triggered deliberately by an attacker sending a specially-constructed answer.

An unusually-formed answer containing a DS resource record could trigger an assertion failure. While the combination of properties which triggers the assertion should not occur in normal traffic, it is potentially possible for the assertion to be triggered deliberately by an attacker sending a specially-constructed answer having the required properties.

An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes.


Discovery 2017-01-11
Entry 2017-01-12
bind99
lt 9.9.9P5

bind910
lt 9.10.4P5

bind911
lt 9.11.0P2

bind9-devel
le 9.12.0.a.2016.12.28

FreeBSD
ge 9.3 lt 10.0

CVE-2016-9131
CVE-2016-9147
CVE-2016-9444
CVE-2016-9778
https://kb.isc.org/article/AA-01439/0
https://kb.isc.org/article/AA-01440/0
https://kb.isc.org/article/AA-01441/0
https://kb.isc.org/article/AA-01442/0
7a31e0de-5b6d-11e6-b334-002590263bf5bind -- denial of service vulnerability

ISC reports:

A query name which is too long can cause a segmentation fault in lwresd.


Discovery 2016-07-18
Entry 2016-08-06
bind99
lt 9.9.9P2

bind910
lt 9.10.4P2

bind911
lt 9.11.0.b2

bind9-devel
lt 9.12.0.a.2016.07.14

CVE-2016-2775
https://kb.isc.org/article/AA-01393
c8d902b1-8550-11e6-81e7-d050996490d0BIND -- Remote Denial of Service vulnerability

ISC reports:

Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria.


Discovery 2016-09-27
Entry 2016-09-28
Modified 2016-10-10
bind99
lt 9.9.9P3

bind910
lt 9.10.4P3

bind911
lt 9.11.0.rc3

bind9-devel
lt 9.12.0.a.2016.09.10

FreeBSD
ge 9.3 lt 9.3_48

CVE-2016-2776
SA-16:28.bind
https://kb.isc.org/article/AA-01419
c6861494-1ffb-11e7-934d-d05099c0ae8cBIND -- multiple vulnerabilities

ISC reports:

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate.

An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met.

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order.

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc.

A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string.


Discovery 2017-04-12
Entry 2017-04-13
Modified 2017-04-13
bind99
lt 9.9.9P8

bind910
lt 9.10.4P8

bind911
lt 9.11.0P5

bind9-devel
le 9.12.0.a.2017.03.25

CVE-2017-3136
CVE-2017-3137
CVE-2017-3138
https://kb.isc.org/article/AA-01465/0
https://kb.isc.org/article/AA-01466/0
https://kb.isc.org/article/AA-01471/0
0b8d01a4-a0d2-11e6-9ca2-d050996490d0BIND -- Remote Denial of Service vulnerability

ISC reports:

A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c


Discovery 2016-11-01
Entry 2016-11-02
bind99
lt 9.9.9P4

bind910
lt 9.10.4P4

bind911
lt 9.11.0P1

bind9-devel
le 9.12.0.a.2016.10.21

FreeBSD
ge 9.3 lt 9.3_50

CVE-2016-8864
SA-16:34.bind
https://kb.isc.org/article/AA-01434/
7d08e608-5e95-11e6-b334-002590263bf5BIND,Knot,NSD,PowerDNS -- denial over service via oversized zone transfers

ISC reports:

DNS protocols were designed with the assumption that a certain amount of trust could be presumed between the operators of primary and secondary servers for a given zone. However, in current practice some organizations have scenarios which require them to accept zone data from sources that are not fully trusted (for example: providers of secondary name service). A party who is allowed to feed data into a zone (e.g. by AXFR, IXFR, or Dynamic DNS updates) can overwhelm the server which is accepting data by intentionally or accidentally exhausting that server's memory.


Discovery 2016-07-06
Entry 2016-08-10
Modified 2017-04-24
bind99
le 9.9.9P2

bind910
le 9.10.4P2

bind911
le 9.11.0.b2

bind9-devel
le 9.12.0.a.2016.11.02

knot
knot1
lt 1.6.8

knot2
lt 2.3.0

nsd
lt 4.1.11

powerdns
lt 4.0.1

CVE-2016-6170
CVE-2016-6171
CVE-2016-6172
CVE-2016-6173
https://kb.isc.org/article/AA-01390
http://www.openwall.com/lists/oss-security/2016/07/06/4