cvs commit: src/lib/libisc Makefile dns,resolver.c.patch
Simon Schubert
corecode at crater.dragonflybsd.org
Thu Sep 7 03:09:05 PDT 2006
corecode 2006/09/07 03:06:05 PDT
DragonFly src repository
Modified files: (Branch: DragonFly_RELEASE_1_4)
lib/libisc Makefile
Added files: (Branch: DragonFly_RELEASE_1_4)
lib/libisc dns,resolver.c.patch
Log:
Fix CERT Vulnerability Note VU#697164:
"A flaw exists in the way that some versions of BIND handle recursive queries.
It is possible for a remote attacker to trigger an INSIST failure by sending
enough recursive queries that the response to the query arrives after all the
clients looking for the response have left the recursion queue.
Note that although BIND versions 9.2.x also contain the underlying flaw that
causes this vulnerability, ISC reports that the vulnerability is not exposed by
these versions."
Nevertheless, import the patch from ISC BIND 9.2.6-P1
Revision Changes Path
1.7.2.1 +4 -0 src/lib/libisc/Makefile
http://www.dragonflybsd.org/cvsweb/src/lib/libisc/Makefile.diff?r1=1.7&r2=1.7.2.1&f=u
More information about the Commits
mailing list