diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-09:04.bind.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-09:04.bind.asc | 452 |
1 files changed, 452 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-SA-09:04.bind.asc b/share/security/advisories/FreeBSD-SA-09:04.bind.asc new file mode 100644 index 0000000000..a73bdb56e8 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:04.bind.asc @@ -0,0 +1,452 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:04.bind Security Advisory + The FreeBSD Project + +Topic: BIND DNSSEC incorrect checks for malformed signatures + +Category: contrib +Module: bind +Announced: 2009-01-13 +Credits: Google Security Team +Affects: All supported FreeBSD versions +Corrected: 2009-01-10 03:00:21 UTC (RELENG_7, 7.1-STABLE) + 2009-01-13 21:19:27 UTC (RELENG_7_1, 7.1-RELEASE-p2) + 2009-01-13 21:19:27 UTC (RELENG_7_0, 7.0-RELEASE-p9) + 2009-01-10 04:30:27 UTC (RELENG_6, 6.4-STABLE) + 2009-01-13 21:19:27 UTC (RELENG_6_4, 6.4-RELEASE-p3) + 2009-01-13 21:19:27 UTC (RELENG_6_3, 6.3-RELEASE-p9) +CVE Name: CVE-2009-0025 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:http://security.FreeBSD.org/>. + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is an Internet Domain Name Server. DNS Security +Extensions (DNSSEC) are additional protocol options that add +authentication as part of responses to DNS queries. + +FreeBSD includes software from the OpenSSL Project. The OpenSSL +Project is a collaborative effort to develop a robust, +commercial-grade, full-featured Open Source toolkit implementing the +Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) +protocols as well as a full-strength general purpose cryptography +library. + +II. Problem Description + +The DSA_do_verify() function from OpenSSL is used to determine if a +DSA digital signature is valid. When DNSSEC is used within BIND it +uses DSA_do_verify() to verify DSA signatures, but checks the function +return value incorrectly. + +III. Impact + +It is in theory possible to spoof a DNS reply even though DNSSEC +is set up to validate answers. This could be used by an attacker for +man-in-the-middle or other spoofing attacks. + +IV. Workaround + +Disable the the DSA algorithm in named.conf. This will cause answers +from zones signed only with DSA to be treated as insecure. Add the +following to the options section of named.conf: + + disable-algorithms . { DSA; }; + +NOTE WELL: If named(8) is not explicitly set to use DNSSEC the setup is +not vulnerable to the issue as described in this Security Advisory. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.0, and 7.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-09:04/bind.patch +# fetch http://security.FreeBSD.org/patches/SA-09:04/bind.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/bind +# make obj && make depend && make && make install +# cd /usr/src/usr.sbin/named +# make obj && make depend && make && make install +# /etc/rc.d/named restart + +c) Install and use a fixed version of BIND from the FreeBSD Ports +Collection. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/contrib/bind9/CHANGES 1.1.1.3.2.10 + src/contrib/bind9/FAQ 1.1.1.2.2.5 + src/contrib/bind9/FAQ.xml 1.1.1.1.2.5 + src/contrib/bind9/README 1.1.1.2.2.6 + src/contrib/bind9/aclocal.m4 1.1.4.1 + src/contrib/bind9/bin/dig/dig.1 1.1.1.1.4.4 + src/contrib/bind9/bin/dig/dig.c 1.1.1.2.2.4 + src/contrib/bind9/bin/dig/dig.docbook 1.1.1.1.4.3 + src/contrib/bind9/bin/dig/dig.html 1.1.1.1.4.4 + src/contrib/bind9/bin/dig/dighost.c 1.1.1.2.2.5 + src/contrib/bind9/bin/dig/host.1 1.1.1.1.4.4 + src/contrib/bind9/bin/dig/host.docbook 1.1.1.1.4.3 + src/contrib/bind9/bin/dig/host.html 1.1.1.1.4.4 + src/contrib/bind9/bin/dnssec/dnssec-keygen.8 1.1.1.1.4.4 + src/contrib/bind9/bin/dnssec/dnssec-keygen.docbook 1.1.1.1.4.3 + src/contrib/bind9/bin/dnssec/dnssec-keygen.html 1.1.1.1.4.4 + src/contrib/bind9/bin/dnssec/dnssec-signzone.8 1.1.1.1.4.4 + src/contrib/bind9/bin/dnssec/dnssec-signzone.c 1.1.1.2.2.4 + src/contrib/bind9/bin/dnssec/dnssec-signzone.docbook 1.1.1.1.4.3 + src/contrib/bind9/bin/dnssec/dnssec-signzone.html 1.1.1.1.4.4 + src/contrib/bind9/bin/named/client.c 1.1.1.2.2.7 + src/contrib/bind9/bin/named/config.c 1.1.1.2.2.4 + src/contrib/bind9/bin/named/controlconf.c 1.1.1.1.4.4 + src/contrib/bind9/bin/named/include/named/globals.h 1.1.1.1.4.2 + src/contrib/bind9/bin/named/interfacemgr.c 1.1.1.1.4.4 + src/contrib/bind9/bin/named/lwresd.8 1.1.1.1.4.4 + src/contrib/bind9/bin/named/lwresd.c 1.1.1.1.4.3 + src/contrib/bind9/bin/named/lwresd.docbook 1.1.1.1.4.3 + src/contrib/bind9/bin/named/lwresd.html 1.1.1.1.4.4 + src/contrib/bind9/bin/named/main.c 1.1.1.2.2.3 + src/contrib/bind9/bin/named/named.8 1.1.1.1.4.4 + src/contrib/bind9/bin/named/named.conf.5 1.1.1.2.2.4 + src/contrib/bind9/bin/named/named.conf.docbook 1.1.1.2.2.5 + src/contrib/bind9/bin/named/named.conf.html 1.1.1.2.2.4 + src/contrib/bind9/bin/named/named.docbook 1.1.1.1.4.4 + src/contrib/bind9/bin/named/named.html 1.1.1.1.4.4 + src/contrib/bind9/bin/named/query.c 1.1.1.1.4.6 + src/contrib/bind9/bin/named/server.c 1.1.1.2.2.6 + src/contrib/bind9/bin/named/unix/include/named/os.h 1.1.1.2.2.2 + src/contrib/bind9/bin/named/unix/os.c 1.1.1.2.2.4 + src/contrib/bind9/bin/named/update.c 1.1.1.2.2.4 + src/contrib/bind9/bin/nsupdate/Makefile.in 1.1.1.1.4.2 + src/contrib/bind9/bin/nsupdate/nsupdate.1 1.1.4.1 + src/contrib/bind9/bin/nsupdate/nsupdate.8 1.1.1.1.4.4 + src/contrib/bind9/bin/nsupdate/nsupdate.docbook 1.1.1.1.4.3 + src/contrib/bind9/bin/nsupdate/nsupdate.html 1.1.1.1.4.4 + src/contrib/bind9/bin/rndc/rndc-confgen.c 1.1.1.2.2.1 + src/contrib/bind9/bin/rndc/rndc.c 1.1.1.3.2.3 + src/contrib/bind9/config.h.in 1.1.4.1 + src/contrib/bind9/configure.in 1.1.1.2.2.6 + src/contrib/bind9/lib/bind/aclocal.m4 1.1.1.2.2.2 + src/contrib/bind9/lib/bind/api 1.1.1.2.2.4 + src/contrib/bind9/lib/bind/bsd/Makefile.in 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/bsd/strerror.c 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/bsd/strtoul.c 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/config.h.in 1.1.1.2.2.4 + src/contrib/bind9/lib/bind/configure.in 1.1.1.2.2.5 + src/contrib/bind9/lib/bind/dst/Makefile.in 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/dst/dst_api.c 1.1.1.2.2.4 + src/contrib/bind9/lib/bind/dst/hmac_link.c 1.1.1.1.4.4 + src/contrib/bind9/lib/bind/dst/support.c 1.1.1.1.4.2 + src/contrib/bind9/lib/bind/include/arpa/nameser.h 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/include/isc/assertions.h 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/include/isc/misc.h 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/include/resolv.h 1.1.1.1.4.2 + src/contrib/bind9/lib/bind/inet/Makefile.in 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/inet/inet_net_pton.c 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/irs/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/irs/dns_ho.c 1.1.1.1.4.4 + src/contrib/bind9/lib/bind/irs/irp.c 1.1.1.1.4.2 + src/contrib/bind9/lib/bind/isc/Makefile.in 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/isc/assertions.c 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/isc/bitncmp.c 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/isc/ctl_clnt.c 1.1.1.1.4.2 + src/contrib/bind9/lib/bind/isc/ctl_srvr.c 1.1.1.1.4.2 + src/contrib/bind9/lib/bind/nameser/Makefile.in 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/port_after.h.in 1.1.1.2.2.4 + src/contrib/bind9/lib/bind/resolv/Makefile.in 1.1.1.1.4.2 + src/contrib/bind9/lib/bind/resolv/res_debug.c 1.1.1.1.4.2 + src/contrib/bind9/lib/bind/resolv/res_mkquery.c 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/resolv/res_query.c 1.1.1.1.4.1 + src/contrib/bind9/lib/bind9/api 1.1.1.2.2.4 + src/contrib/bind9/lib/bind9/check.c 1.1.1.2.2.4 + src/contrib/bind9/lib/dns/adb.c 1.1.1.2.2.4 + src/contrib/bind9/lib/dns/api 1.1.1.2.2.7 + src/contrib/bind9/lib/dns/cache.c 1.1.1.1.4.3 + src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.4.6 + src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.4.5 + src/contrib/bind9/lib/dns/journal.c 1.1.1.2.2.3 + src/contrib/bind9/lib/dns/masterdump.c 1.1.1.1.4.2 + src/contrib/bind9/lib/dns/message.c 1.1.1.1.4.5 + src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.3 + src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.3 + src/contrib/bind9/lib/dns/rbt.c 1.1.1.2.2.3 + src/contrib/bind9/lib/dns/rdata/generic/nsec_47.c 1.1.1.1.4.1 + src/contrib/bind9/lib/dns/rdata/generic/nsec_47.h 1.1.1.1.4.1 + src/contrib/bind9/lib/dns/rdata/generic/txt_16.c 1.1.1.1.4.2 + src/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c 1.1.1.1.4.1 + src/contrib/bind9/lib/dns/request.c 1.1.1.1.4.4 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.10 + src/contrib/bind9/lib/dns/validator.c 1.1.1.2.2.5 + src/contrib/bind9/lib/dns/view.c 1.1.1.1.4.2 + src/contrib/bind9/lib/dns/xfrin.c 1.1.1.2.2.5 + src/contrib/bind9/lib/isc/Makefile.in 1.1.1.1.4.1 + src/contrib/bind9/lib/isc/api 1.1.1.2.2.5 + src/contrib/bind9/lib/isc/assertions.c 1.1.1.1.4.1 + src/contrib/bind9/lib/isc/include/isc/assertions.h 1.1.1.1.4.1 + src/contrib/bind9/lib/isc/include/isc/mem.h 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/include/isc/msgs.h 1.1.1.1.4.1 + src/contrib/bind9/lib/isc/include/isc/platform.h.in 1.1.1.1.4.2 + src/contrib/bind9/lib/isc/include/isc/portset.h 1.1.4.1 + src/contrib/bind9/lib/isc/include/isc/resource.h 1.1.1.1.4.2 + src/contrib/bind9/lib/isc/include/isc/socket.h 1.1.1.1.4.3 + src/contrib/bind9/lib/isc/include/isc/timer.h 1.1.1.1.4.4 + src/contrib/bind9/lib/isc/include/isc/types.h 1.1.1.1.4.1 + src/contrib/bind9/lib/isc/mem.c 1.1.1.1.4.3 + src/contrib/bind9/lib/isc/portset.c 1.1.4.1 + src/contrib/bind9/lib/isc/print.c 1.1.1.1.4.2 + src/contrib/bind9/lib/isc/pthreads/mutex.c 1.1.1.1.4.3 + src/contrib/bind9/lib/isc/timer.c 1.1.1.1.4.5 + src/contrib/bind9/lib/isc/unix/app.c 1.1.1.1.4.3 + src/contrib/bind9/lib/isc/unix/include/isc/net.h 1.1.1.1.4.1 + src/contrib/bind9/lib/isc/unix/net.c 1.1.1.1.4.3 + src/contrib/bind9/lib/isc/unix/resource.c 1.1.1.1.4.3 + src/contrib/bind9/lib/isc/unix/socket.c 1.1.1.2.2.5 + src/contrib/bind9/lib/isc/unix/socket_p.h 1.1.1.1.4.2 + src/contrib/bind9/lib/isc/unix/time.c 1.1.1.1.4.1 + src/contrib/bind9/lib/isccfg/api 1.1.1.2.2.4 + src/contrib/bind9/lib/isccfg/namedconf.c 1.1.1.2.2.5 + src/contrib/bind9/version 1.1.1.3.2.10 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.6 + src/sys/conf/newvers.sh 1.69.2.18.2.9 + src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.2.4.1 + src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.2.2.1 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.14 + src/sys/conf/newvers.sh 1.69.2.15.2.13 + src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.2.2.1 + src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.1.2.1 +RELENG_7 + src/contrib/bind9/CHANGES 1.1.1.10.2.4 + src/contrib/bind9/COPYRIGHT 1.1.1.4.2.3 + src/contrib/bind9/FAQ 1.1.1.6.2.2 + src/contrib/bind9/FAQ.xml 1.1.1.4.2.2 + src/contrib/bind9/README 1.1.1.7.2.2 + src/contrib/bind9/aclocal.m4 1.1.2.1 + src/contrib/bind9/bin/check/check-tool.c 1.1.1.3.2.2 + src/contrib/bind9/bin/check/named-checkconf.c 1.1.1.4.2.1 + src/contrib/bind9/bin/check/named-checkzone.c 1.1.1.3.2.2 + src/contrib/bind9/bin/dig/dig.1 1.1.1.4.2.2 + src/contrib/bind9/bin/dig/dig.c 1.1.1.5.2.2 + src/contrib/bind9/bin/dig/dig.docbook 1.1.1.3.2.2 + src/contrib/bind9/bin/dig/dig.html 1.1.1.4.2.2 + src/contrib/bind9/bin/dig/dighost.c 1.1.1.5.2.3 + src/contrib/bind9/bin/dig/host.1 1.1.1.4.2.2 + src/contrib/bind9/bin/dig/host.docbook 1.1.1.3.2.2 + src/contrib/bind9/bin/dig/host.html 1.1.1.4.2.2 + src/contrib/bind9/bin/dnssec/dnssec-keygen.8 1.1.1.4.2.2 + src/contrib/bind9/bin/dnssec/dnssec-keygen.docbook 1.1.1.3.2.2 + src/contrib/bind9/bin/dnssec/dnssec-keygen.html 1.1.1.4.2.2 + src/contrib/bind9/bin/dnssec/dnssec-signzone.8 1.1.1.4.2.2 + src/contrib/bind9/bin/dnssec/dnssec-signzone.c 1.1.1.5.2.2 + src/contrib/bind9/bin/dnssec/dnssec-signzone.docbook 1.1.1.3.2.2 + src/contrib/bind9/bin/dnssec/dnssec-signzone.html 1.1.1.4.2.2 + src/contrib/bind9/bin/named/client.c 1.1.1.6.2.4 + src/contrib/bind9/bin/named/config.c 1.1.1.4.2.3 + src/contrib/bind9/bin/named/controlconf.c 1.1.1.3.2.2 + src/contrib/bind9/bin/named/include/named/globals.h 1.1.1.3.2.1 + src/contrib/bind9/bin/named/interfacemgr.c 1.1.1.3.2.2 + src/contrib/bind9/bin/named/lwaddr.c 1.1.1.2.2.1 + src/contrib/bind9/bin/named/lwdgnba.c 1.1.1.2.2.1 + src/contrib/bind9/bin/named/lwdnoop.c 1.1.1.2.2.1 + src/contrib/bind9/bin/named/lwresd.8 1.1.1.4.2.2 + src/contrib/bind9/bin/named/lwresd.c 1.1.1.3.2.2 + src/contrib/bind9/bin/named/lwresd.docbook 1.1.1.3.2.2 + src/contrib/bind9/bin/named/lwresd.html 1.1.1.4.2.2 + src/contrib/bind9/bin/named/main.c 1.1.1.5.2.1 + src/contrib/bind9/bin/named/named.8 1.1.1.4.2.2 + src/contrib/bind9/bin/named/named.conf.5 1.1.1.5.2.2 + src/contrib/bind9/bin/named/named.conf.docbook 1.1.1.5.2.3 + src/contrib/bind9/bin/named/named.conf.html 1.1.1.5.2.2 + src/contrib/bind9/bin/named/named.docbook 1.1.1.4.2.2 + src/contrib/bind9/bin/named/named.html 1.1.1.4.2.2 + src/contrib/bind9/bin/named/query.c 1.1.1.6.2.2 + src/contrib/bind9/bin/named/server.c 1.1.1.6.2.4 + src/contrib/bind9/bin/named/unix/include/named/os.h 1.1.1.3.2.1 + src/contrib/bind9/bin/named/unix/os.c 1.1.1.5.2.1 + src/contrib/bind9/bin/named/update.c 1.1.1.5.2.2 + src/contrib/bind9/bin/nsupdate/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/bin/nsupdate/nsupdate.1 1.1.2.1 + src/contrib/bind9/bin/nsupdate/nsupdate.8 1.1.1.4.2.2 + src/contrib/bind9/bin/nsupdate/nsupdate.c 1.1.1.5.2.2 + src/contrib/bind9/bin/nsupdate/nsupdate.docbook 1.1.1.3.2.2 + src/contrib/bind9/bin/nsupdate/nsupdate.html 1.1.1.4.2.2 + src/contrib/bind9/bin/rndc/rndc-confgen.c 1.1.1.3.2.1 + src/contrib/bind9/bin/rndc/rndc.8 1.1.1.4.2.2 + src/contrib/bind9/bin/rndc/rndc.c 1.1.1.6.2.2 + src/contrib/bind9/bin/rndc/rndc.docbook 1.1.1.3.2.2 + src/contrib/bind9/bin/rndc/rndc.html 1.1.1.4.2.2 + src/contrib/bind9/config.h.in 1.1.2.1 + src/contrib/bind9/configure.in 1.1.1.6.2.3 + src/contrib/bind9/lib/bind/aclocal.m4 1.1.1.2.10.2 + src/contrib/bind9/lib/bind/api 1.1.1.5.2.2 + src/contrib/bind9/lib/bind/bsd/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/bsd/strerror.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/bsd/strtoul.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/config.h.in 1.1.1.4.2.3 + src/contrib/bind9/lib/bind/configure.in 1.1.1.5.2.3 + src/contrib/bind9/lib/bind/dst/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/dst/dst_api.c 1.1.1.5.2.2 + src/contrib/bind9/lib/bind/dst/hmac_link.c 1.1.1.4.2.2 + src/contrib/bind9/lib/bind/dst/support.c 1.1.1.3.2.1 + src/contrib/bind9/lib/bind/include/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/include/arpa/nameser.h 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/include/isc/assertions.h 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/include/isc/eventlib.h 1.1.1.3.2.1 + src/contrib/bind9/lib/bind/include/isc/misc.h 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/include/isc/platform.h.in 1.2.2.1 + src/contrib/bind9/lib/bind/include/netdb.h 1.1.1.4.2.1 + src/contrib/bind9/lib/bind/include/resolv.h 1.1.1.3.2.1 + src/contrib/bind9/lib/bind/inet/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/inet/inet_net_pton.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/inet/inet_network.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/irs/Makefile.in 1.1.1.3.2.1 + src/contrib/bind9/lib/bind/irs/dns_ho.c 1.1.1.4.2.1 + src/contrib/bind9/lib/bind/irs/getnetgrent.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/irs/getnetgrent_r.c 1.1.1.4.2.1 + src/contrib/bind9/lib/bind/irs/irp.c 1.1.1.3.2.1 + src/contrib/bind9/lib/bind/isc/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/isc/assertions.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/isc/bitncmp.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/isc/ctl_clnt.c 1.1.1.2.2.2 + src/contrib/bind9/lib/bind/isc/ctl_srvr.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/isc/logging.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/nameser/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/port_after.h.in 1.1.1.4.2.1 + src/contrib/bind9/lib/bind/port_before.h.in 1.1.1.4.2.2 + src/contrib/bind9/lib/bind/resolv/Makefile.in 1.1.1.3.2.1 + src/contrib/bind9/lib/bind/resolv/res_debug.c 1.1.1.3.2.1 + src/contrib/bind9/lib/bind/resolv/res_mkquery.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/resolv/res_query.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/resolv/res_send.c 1.1.1.4.2.1 + src/contrib/bind9/lib/bind9/api 1.1.1.5.2.2 + src/contrib/bind9/lib/bind9/check.c 1.1.1.5.2.4 + src/contrib/bind9/lib/dns/acache.c 1.1.1.1.2.1 + src/contrib/bind9/lib/dns/adb.c 1.1.1.5.2.2 + src/contrib/bind9/lib/dns/api 1.1.1.6.2.4 + src/contrib/bind9/lib/dns/cache.c 1.1.1.4.2.1 + src/contrib/bind9/lib/dns/dispatch.c 1.1.1.4.2.4 + src/contrib/bind9/lib/dns/dst_parse.c 1.1.1.2.2.1 + src/contrib/bind9/lib/dns/dst_parse.h 1.1.1.2.2.1 + src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.3.2.4 + src/contrib/bind9/lib/dns/journal.c 1.1.1.4.2.2 + src/contrib/bind9/lib/dns/master.c 1.1.1.2.2.2 + src/contrib/bind9/lib/dns/masterdump.c 1.1.1.3.2.1 + src/contrib/bind9/lib/dns/message.c 1.1.1.4.2.2 + src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.2 + src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.2.1 + src/contrib/bind9/lib/dns/rbt.c 1.1.1.4.2.1 + src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.4.2.2 + src/contrib/bind9/lib/dns/rdata/generic/nsec_47.c 1.1.1.2.2.1 + src/contrib/bind9/lib/dns/rdata/generic/nsec_47.h 1.1.1.2.2.1 + src/contrib/bind9/lib/dns/rdata/generic/txt_16.c 1.1.1.2.2.1 + src/contrib/bind9/lib/dns/rdata/in_1/apl_42.c 1.1.1.2.2.1 + src/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c 1.1.1.2.2.1 + src/contrib/bind9/lib/dns/request.c 1.1.1.3.2.2 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.4 + src/contrib/bind9/lib/dns/rootns.c 1.1.1.2.2.2 + src/contrib/bind9/lib/dns/sdb.c 1.1.1.2.2.2 + src/contrib/bind9/lib/dns/tkey.c 1.1.1.4.2.1 + src/contrib/bind9/lib/dns/tsig.c 1.1.1.4.2.2 + src/contrib/bind9/lib/dns/validator.c 1.1.1.6.2.2 + src/contrib/bind9/lib/dns/view.c 1.1.1.2.2.2 + src/contrib/bind9/lib/dns/xfrin.c 1.1.1.5.2.3 + src/contrib/bind9/lib/dns/zone.c 1.1.1.5.2.2 + src/contrib/bind9/lib/isc/Makefile.in 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/api 1.1.1.5.2.3 + src/contrib/bind9/lib/isc/assertions.c 1.1.1.2.2.1 + src/contrib/bind9/lib/isc/include/isc/assertions.h 1.1.1.2.2.1 + src/contrib/bind9/lib/isc/include/isc/lex.h 1.1.1.2.2.1 + src/contrib/bind9/lib/isc/include/isc/mem.h 1.1.1.3.2.1 + src/contrib/bind9/lib/isc/include/isc/msgs.h 1.1.1.2.2.1 + src/contrib/bind9/lib/isc/include/isc/platform.h.in 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/include/isc/portset.h 1.1.2.1 + src/contrib/bind9/lib/isc/include/isc/resource.h 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/include/isc/socket.h 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/include/isc/timer.h 1.1.1.3.2.2 + src/contrib/bind9/lib/isc/include/isc/types.h 1.1.1.2.2.1 + src/contrib/bind9/lib/isc/mem.c 1.1.1.3.2.2 + src/contrib/bind9/lib/isc/portset.c 1.1.2.1 + src/contrib/bind9/lib/isc/print.c 1.1.1.3.2.1 + src/contrib/bind9/lib/isc/pthreads/mutex.c 1.1.1.3.2.1 + src/contrib/bind9/lib/isc/timer.c 1.1.1.4.2.3 + src/contrib/bind9/lib/isc/unix/app.c 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/unix/include/isc/net.h 1.1.1.2.2.1 + src/contrib/bind9/lib/isc/unix/net.c 1.1.1.3.2.2 + src/contrib/bind9/lib/isc/unix/resource.c 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/unix/socket.c 1.1.1.5.2.3 + src/contrib/bind9/lib/isc/unix/socket_p.h 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/unix/time.c 1.1.1.2.2.1 + src/contrib/bind9/lib/isccfg/api 1.1.1.4.2.3 + src/contrib/bind9/lib/isccfg/namedconf.c 1.1.1.5.2.2 + src/contrib/bind9/lib/lwres/api 1.1.1.5.2.2 + src/contrib/bind9/make/rules.in 1.1.1.4.2.2 + src/contrib/bind9/version 1.1.1.10.2.4 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.5 + src/sys/conf/newvers.sh 1.72.2.9.2.6 + src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.6.1 + src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.1.4.1 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.13 + src/sys/conf/newvers.sh 1.72.2.5.2.13 + src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.4.1 + src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.1.2.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r187002 +releng/6.4/ r187194 +releng/6.3/ r187194 +stable/7/ r186997 +releng/7.1/ r187194 +releng/7.0/ r187194 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025 +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:02.openssl.asc +https://www.isc.org/node/373 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:04.bind.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iD8DBQFJbRUmFdaIBMps37IRAonEAJsFQFtZGTz6tXFc5TSRMLhB1hxb6QCeI0Pd +ZFPKsX8/XspOTzRWA1h3QPk= +=dpqG +-----END PGP SIGNATURE----- |