diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2017-07-02 17:01:48 +0200 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@free-electrons.com> | 2017-07-02 23:48:41 +0200 |
| commit | a0c53973f87928ae51ca58926951c386c74fc023 (patch) | |
| tree | 4064ed169667ef31698be8af533a5449c2e5d5e1 /package/qt/0009-Fix-conversion-constructor-error-for-legacy-c-compil.patch | |
| parent | d2a151cea0a9066015b9e6c1fb714a84faffec0f (diff) | |
| download | buildroot-a0c53973f87928ae51ca58926951c386c74fc023.tar.gz buildroot-a0c53973f87928ae51ca58926951c386c74fc023.zip | |
bind: security bump to version 9.11.1-P2
Fixes the following security issues:
CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone
transfers
An attacker who is able to send and receive messages to an authoritative DNS
server and who has knowledge of a valid TSIG key name may be able to
circumvent TSIG authentication of AXFR requests via a carefully constructed
request packet. A server that relies solely on TSIG keys for protection with
no other ACL protection could be manipulated into:
* providing an AXFR of a zone to an unauthorized recipient
* accepting bogus NOTIFY packets
https://kb.isc.org/article/AA-01504/74/CVE-2017-3142
CVE-2017-3041: An error in TSIG authentication can permit unauthorized dynamic
updates
An attacker who is able to send and receive messages to an authoritative DNS
server and who has knowledge of a valid TSIG key name for the zone and service
being targeted may be able to manipulate BIND into accepting an unauthorized
dynamic update.
https://kb.isc.org/article/AA-01503/74/CVE-2017-3143
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Diffstat (limited to 'package/qt/0009-Fix-conversion-constructor-error-for-legacy-c-compil.patch')
0 files changed, 0 insertions, 0 deletions
