diff options
author | dougb <dougb@FreeBSD.org> | 2006-11-04 07:53:25 +0000 |
---|---|---|
committer | dougb <dougb@FreeBSD.org> | 2006-11-04 07:53:25 +0000 |
commit | 4a3a088a0b6ffaf0dd6b740dbe537d5a082825d5 (patch) | |
tree | 3043007b955457643a8aaf7cdf24ff1224d3f8e4 /contrib/bind9/CHANGES | |
parent | f79340e225254aa582cac2fa090d84f8f8958755 (diff) | |
download | FreeBSD-src-4a3a088a0b6ffaf0dd6b740dbe537d5a082825d5.zip FreeBSD-src-4a3a088a0b6ffaf0dd6b740dbe537d5a082825d5.tar.gz |
Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list on 2 November):
Description:
Because of OpenSSL's recently announced vulnerabilities
(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
we are announcing this workaround and releasing patches. A proof of
concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
OpenSSL is required to use DNSSEC with BIND.
Fix for version 9.3.2-P1 and lower:
Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and
RSAMD5 keys for all old keys using the old default exponent
and perform a key rollover to these new keys.
These versions also change the default RSA exponent to be
65537 which is not vulnerable to the attacks described in
CAN-2006-4339.
Diffstat (limited to 'contrib/bind9/CHANGES')
-rw-r--r-- | contrib/bind9/CHANGES | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/contrib/bind9/CHANGES b/contrib/bind9/CHANGES index 0cfafd2..b45cec7 100644 --- a/contrib/bind9/CHANGES +++ b/contrib/bind9/CHANGES @@ -1,4 +1,19 @@ + --- 9.3.2-P2 released --- + +2090. [port] win32: Visual C++ 2005 command line manifest support. + [RT #16417] + +2089. [security] Raise the minimum safe OpenSSL versions to + OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions + prior to these have known security flaws which + are (potentially) exploitable in named. [RT #16391] + +2088. [security] Change the default RSA exponent from 3 to 65537. + [RT #16391] + +2083. [port] win32: Visual C++ 2005 support. + --- 9.3.2-P1 released --- 2066. [security] Handle SIG queries gracefully. [RT #16300] |