diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2017-07-02 17:01:48 +0200 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@free-electrons.com> | 2017-07-02 23:48:41 +0200 |
| commit | a0c53973f87928ae51ca58926951c386c74fc023 (patch) | |
| tree | 4064ed169667ef31698be8af533a5449c2e5d5e1 /package/bind | |
| parent | d2a151cea0a9066015b9e6c1fb714a84faffec0f (diff) | |
| download | buildroot-a0c53973f87928ae51ca58926951c386c74fc023.tar.gz buildroot-a0c53973f87928ae51ca58926951c386c74fc023.zip | |
bind: security bump to version 9.11.1-P2
Fixes the following security issues:
CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone
transfers
An attacker who is able to send and receive messages to an authoritative DNS
server and who has knowledge of a valid TSIG key name may be able to
circumvent TSIG authentication of AXFR requests via a carefully constructed
request packet. A server that relies solely on TSIG keys for protection with
no other ACL protection could be manipulated into:
* providing an AXFR of a zone to an unauthorized recipient
* accepting bogus NOTIFY packets
https://kb.isc.org/article/AA-01504/74/CVE-2017-3142
CVE-2017-3041: An error in TSIG authentication can permit unauthorized dynamic
updates
An attacker who is able to send and receive messages to an authoritative DNS
server and who has knowledge of a valid TSIG key name for the zone and service
being targeted may be able to manipulate BIND into accepting an unauthorized
dynamic update.
https://kb.isc.org/article/AA-01503/74/CVE-2017-3143
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Diffstat (limited to 'package/bind')
| -rw-r--r-- | package/bind/bind.hash | 4 | ||||
| -rw-r--r-- | package/bind/bind.mk | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/package/bind/bind.hash b/package/bind/bind.hash index 3f0dda531a..5dd15cb86b 100644 --- a/package/bind/bind.hash +++ b/package/bind/bind.hash @@ -1,2 +1,2 @@ -# Verified from http://ftp.isc.org/isc/bind9/9.11.1-P1/bind-9.11.1-P1.tar.gz.sha256.asc -sha256 6b1b3e88d51b8471bd6aee24a8cea70817e850a5901315dc506f9dde275ca638 bind-9.11.1-P1.tar.gz +# Verified from http://ftp.isc.org/isc/bind9/9.11.1-P1/bind-9.11.1-P2.tar.gz.sha256.asc +sha256 bf53c6431575ae1612ddef66d18ef9baf2a22d842fa5b0cadc971919fd81fea5 bind-9.11.1-P2.tar.gz diff --git a/package/bind/bind.mk b/package/bind/bind.mk index b588eb5223..fd5369a3ea 100644 --- a/package/bind/bind.mk +++ b/package/bind/bind.mk @@ -4,7 +4,7 @@ # ################################################################################ -BIND_VERSION = 9.11.1-P1 +BIND_VERSION = 9.11.1-P2 BIND_SITE = ftp://ftp.isc.org/isc/bind9/$(BIND_VERSION) # bind does not support parallel builds. BIND_MAKE = $(MAKE1) |
