|author||Doug Barton <dougb@FreeBSD.org>||2006-11-04 07:53:25 +0000|
|committer||Doug Barton <dougb@FreeBSD.org>||2006-11-04 07:53:25 +0000|
Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the firstname.lastname@example.org list on 2 November): Description: Because of OpenSSL's recently announced vulnerabilities (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named, we are announcing this workaround and releasing patches. A proof of concept attack on OpenSSL has been demonstrated for CAN-2006-4339. OpenSSL is required to use DNSSEC with BIND. Fix for version 9.3.2-P1 and lower: Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and RSAMD5 keys for all old keys using the old default exponent and perform a key rollover to these new keys. These versions also change the default RSA exponent to be 65537 which is not vulnerable to the attacks described in CAN-2006-4339.
Notes: svn path=/vendor/bind9/dist/; revision=163976
Diffstat (limited to 'contrib/bind9/lib/dns/resolver.c')
1 files changed, 2 insertions, 2 deletions
diff --git a/contrib/bind9/lib/dns/resolver.c b/contrib/bind9/lib/dns/resolver.c
index 28779645a560..a5474f1ae020 100644
@@ -1,5 +1,5 @@
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
-/* $Id: resolver.c,v 188.8.131.52.184.108.40.206 2006/08/17 07:12:31 marka Exp $ */
+/* $Id: resolver.c,v 220.127.116.11.18.104.22.168 2006/10/04 07:06:02 marka Exp $ */