dougb 2006-11-04 07:53:26 UTC FreeBSD src repository
src/contrib/bind9 - Imported sources Update of /home/ncvs/src/contrib/bind9 In directory repoman.freebsd.org:/tmp/cvs-serv28030 Log Message: Update to version 9.3.2-P2, which addresses the vulnerability announced by ISC dated 31 October (delivered via e-mail to the [EMAIL PROTECTED] list on 2 November): Description: Because of OpenSSL's recently announced vulnerabilities (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named, we are announcing this workaround and releasing patches. A proof of concept attack on OpenSSL has been demonstrated for CAN-2006-4339. OpenSSL is required to use DNSSEC with BIND. Fix for version 9.3.2-P1 and lower: Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and RSAMD5 keys for all old keys using the old default exponent and perform a key rollover to these new keys. These versions also change the default RSA exponent to be 65537 which is not vulnerable to the attacks described in CAN-2006-4339. Status: Vendor Tag: ISC Release Tags: BIND_9_3_2_P2 U src/contrib/bind9/version U src/contrib/bind9/configure.in U src/contrib/bind9/CHANGES U src/contrib/bind9/bin/named/query.c U src/contrib/bind9/lib/dns/resolver.c U src/contrib/bind9/lib/dns/opensslrsa_link.c No conflicts created by this import _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"