rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

author	Peter Korsgaard <peter@korsgaard.com>
	Sun, 2 Jul 2017 15:01:48 +0000 (17:01 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Tue, 4 Jul 2017 15:32:12 +0000 (17:32 +0200)
commit	783d9bea4a93261187ad9d1a01cdd0fb7dccd3b2
tree	e21d029fd7edd65b6c255f5794bf4fbf2fa73a2a	tree \| snapshot
parent	a0981a58ca57db3a4f2cec027be727ca3b333ed9	commit \| diff

bind: security bump to version 9.11.1-P2

Fixes the following security issues:

CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone
transfers

An attacker who is able to send and receive messages to an authoritative DNS
server and who has knowledge of a valid TSIG key name may be able to
circumvent TSIG authentication of AXFR requests via a carefully constructed
request packet. A server that relies solely on TSIG keys for protection with
no other ACL protection could be manipulated into:

* providing an AXFR of a zone to an unauthorized recipient
* accepting bogus NOTIFY packets

https://kb.isc.org/article/AA-01504/74/CVE-2017-3142

CVE-2017-3041: An error in TSIG authentication can permit unauthorized dynamic
updates

An attacker who is able to send and receive messages to an authoritative DNS
server and who has knowledge of a valid TSIG key name for the zone and service
being targeted may be able to manipulate BIND into accepting an unauthorized
dynamic update.

https://kb.isc.org/article/AA-01503/74/CVE-2017-3143

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a0c53973f87928ae51ca58926951c386c74fc023)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/bind/bind.hash		diff \| blob \| history
package/bind/bind.mk		diff \| blob \| history