dougb       2006-11-03 07:47:22 UTC

  FreeBSD ports repository

  Modified files:
    dns/bind9            Makefile distinfo 
  Log:
  Update to version 9.3.2-P2, which addresses the vulnerability
  announced by ISC dated 31 October (delivered via e-mail to the
  [EMAIL PROTECTED] list today):
  
  Description:
          Because of OpenSSL's recently announced vulnerabilities
          (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
          we are announcing this workaround and releasing patches.  A proof of
          concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
  
          OpenSSL is required to use DNSSEC with BIND.
  
  Fix for version 9.3.2-P1 and lower:
          Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and
          RSAMD5 keys for all old keys using the old default exponent
          and perform a key rollover to these new keys.
  
          These versions also change the default RSA exponent to be
          65537 which is not vulnerable to the attacks described in
          CAN-2006-4339.
  
  Revision  Changes    Path
  1.72      +2 -2      ports/dns/bind9/Makefile
  1.39      +6 -6      ports/dns/bind9/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to