aboutsummaryrefslogtreecommitdiff
path: root/share/security/advisories/FreeBSD-SA-09:04.bind.asc
diff options
context:
space:
mode:
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-09:04.bind.asc')
-rw-r--r--share/security/advisories/FreeBSD-SA-09:04.bind.asc452
1 files changed, 452 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-SA-09:04.bind.asc b/share/security/advisories/FreeBSD-SA-09:04.bind.asc
new file mode 100644
index 0000000000..a73bdb56e8
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:04.bind.asc
@@ -0,0 +1,452 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:04.bind Security Advisory
+ The FreeBSD Project
+
+Topic: BIND DNSSEC incorrect checks for malformed signatures
+
+Category: contrib
+Module: bind
+Announced: 2009-01-13
+Credits: Google Security Team
+Affects: All supported FreeBSD versions
+Corrected: 2009-01-10 03:00:21 UTC (RELENG_7, 7.1-STABLE)
+ 2009-01-13 21:19:27 UTC (RELENG_7_1, 7.1-RELEASE-p2)
+ 2009-01-13 21:19:27 UTC (RELENG_7_0, 7.0-RELEASE-p9)
+ 2009-01-10 04:30:27 UTC (RELENG_6, 6.4-STABLE)
+ 2009-01-13 21:19:27 UTC (RELENG_6_4, 6.4-RELEASE-p3)
+ 2009-01-13 21:19:27 UTC (RELENG_6_3, 6.3-RELEASE-p9)
+CVE Name: CVE-2009-0025
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I. Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server. DNS Security
+Extensions (DNSSEC) are additional protocol options that add
+authentication as part of responses to DNS queries.
+
+FreeBSD includes software from the OpenSSL Project. The OpenSSL
+Project is a collaborative effort to develop a robust,
+commercial-grade, full-featured Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography
+library.
+
+II. Problem Description
+
+The DSA_do_verify() function from OpenSSL is used to determine if a
+DSA digital signature is valid. When DNSSEC is used within BIND it
+uses DSA_do_verify() to verify DSA signatures, but checks the function
+return value incorrectly.
+
+III. Impact
+
+It is in theory possible to spoof a DNS reply even though DNSSEC
+is set up to validate answers. This could be used by an attacker for
+man-in-the-middle or other spoofing attacks.
+
+IV. Workaround
+
+Disable the the DSA algorithm in named.conf. This will cause answers
+from zones signed only with DSA to be treated as insecure. Add the
+following to the options section of named.conf:
+
+ disable-algorithms . { DSA; };
+
+NOTE WELL: If named(8) is not explicitly set to use DNSSEC the setup is
+not vulnerable to the issue as described in this Security Advisory.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.0, and 7.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-09:04/bind.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:04/bind.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/bind
+# make obj && make depend && make && make install
+# cd /usr/src/usr.sbin/named
+# make obj && make depend && make && make install
+# /etc/rc.d/named restart
+
+c) Install and use a fixed version of BIND from the FreeBSD Ports
+Collection.
+
+VI. Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch Revision
+ Path
+- -------------------------------------------------------------------------
+RELENG_6
+ src/contrib/bind9/CHANGES 1.1.1.3.2.10
+ src/contrib/bind9/FAQ 1.1.1.2.2.5
+ src/contrib/bind9/FAQ.xml 1.1.1.1.2.5
+ src/contrib/bind9/README 1.1.1.2.2.6
+ src/contrib/bind9/aclocal.m4 1.1.4.1
+ src/contrib/bind9/bin/dig/dig.1 1.1.1.1.4.4
+ src/contrib/bind9/bin/dig/dig.c 1.1.1.2.2.4
+ src/contrib/bind9/bin/dig/dig.docbook 1.1.1.1.4.3
+ src/contrib/bind9/bin/dig/dig.html 1.1.1.1.4.4
+ src/contrib/bind9/bin/dig/dighost.c 1.1.1.2.2.5
+ src/contrib/bind9/bin/dig/host.1 1.1.1.1.4.4
+ src/contrib/bind9/bin/dig/host.docbook 1.1.1.1.4.3
+ src/contrib/bind9/bin/dig/host.html 1.1.1.1.4.4
+ src/contrib/bind9/bin/dnssec/dnssec-keygen.8 1.1.1.1.4.4
+ src/contrib/bind9/bin/dnssec/dnssec-keygen.docbook 1.1.1.1.4.3
+ src/contrib/bind9/bin/dnssec/dnssec-keygen.html 1.1.1.1.4.4
+ src/contrib/bind9/bin/dnssec/dnssec-signzone.8 1.1.1.1.4.4
+ src/contrib/bind9/bin/dnssec/dnssec-signzone.c 1.1.1.2.2.4
+ src/contrib/bind9/bin/dnssec/dnssec-signzone.docbook 1.1.1.1.4.3
+ src/contrib/bind9/bin/dnssec/dnssec-signzone.html 1.1.1.1.4.4
+ src/contrib/bind9/bin/named/client.c 1.1.1.2.2.7
+ src/contrib/bind9/bin/named/config.c 1.1.1.2.2.4
+ src/contrib/bind9/bin/named/controlconf.c 1.1.1.1.4.4
+ src/contrib/bind9/bin/named/include/named/globals.h 1.1.1.1.4.2
+ src/contrib/bind9/bin/named/interfacemgr.c 1.1.1.1.4.4
+ src/contrib/bind9/bin/named/lwresd.8 1.1.1.1.4.4
+ src/contrib/bind9/bin/named/lwresd.c 1.1.1.1.4.3
+ src/contrib/bind9/bin/named/lwresd.docbook 1.1.1.1.4.3
+ src/contrib/bind9/bin/named/lwresd.html 1.1.1.1.4.4
+ src/contrib/bind9/bin/named/main.c 1.1.1.2.2.3
+ src/contrib/bind9/bin/named/named.8 1.1.1.1.4.4
+ src/contrib/bind9/bin/named/named.conf.5 1.1.1.2.2.4
+ src/contrib/bind9/bin/named/named.conf.docbook 1.1.1.2.2.5
+ src/contrib/bind9/bin/named/named.conf.html 1.1.1.2.2.4
+ src/contrib/bind9/bin/named/named.docbook 1.1.1.1.4.4
+ src/contrib/bind9/bin/named/named.html 1.1.1.1.4.4
+ src/contrib/bind9/bin/named/query.c 1.1.1.1.4.6
+ src/contrib/bind9/bin/named/server.c 1.1.1.2.2.6
+ src/contrib/bind9/bin/named/unix/include/named/os.h 1.1.1.2.2.2
+ src/contrib/bind9/bin/named/unix/os.c 1.1.1.2.2.4
+ src/contrib/bind9/bin/named/update.c 1.1.1.2.2.4
+ src/contrib/bind9/bin/nsupdate/Makefile.in 1.1.1.1.4.2
+ src/contrib/bind9/bin/nsupdate/nsupdate.1 1.1.4.1
+ src/contrib/bind9/bin/nsupdate/nsupdate.8 1.1.1.1.4.4
+ src/contrib/bind9/bin/nsupdate/nsupdate.docbook 1.1.1.1.4.3
+ src/contrib/bind9/bin/nsupdate/nsupdate.html 1.1.1.1.4.4
+ src/contrib/bind9/bin/rndc/rndc-confgen.c 1.1.1.2.2.1
+ src/contrib/bind9/bin/rndc/rndc.c 1.1.1.3.2.3
+ src/contrib/bind9/config.h.in 1.1.4.1
+ src/contrib/bind9/configure.in 1.1.1.2.2.6
+ src/contrib/bind9/lib/bind/aclocal.m4 1.1.1.2.2.2
+ src/contrib/bind9/lib/bind/api 1.1.1.2.2.4
+ src/contrib/bind9/lib/bind/bsd/Makefile.in 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind/bsd/strerror.c 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind/bsd/strtoul.c 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind/config.h.in 1.1.1.2.2.4
+ src/contrib/bind9/lib/bind/configure.in 1.1.1.2.2.5
+ src/contrib/bind9/lib/bind/dst/Makefile.in 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind/dst/dst_api.c 1.1.1.2.2.4
+ src/contrib/bind9/lib/bind/dst/hmac_link.c 1.1.1.1.4.4
+ src/contrib/bind9/lib/bind/dst/support.c 1.1.1.1.4.2
+ src/contrib/bind9/lib/bind/include/arpa/nameser.h 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind/include/isc/assertions.h 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind/include/isc/misc.h 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind/include/resolv.h 1.1.1.1.4.2
+ src/contrib/bind9/lib/bind/inet/Makefile.in 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind/inet/inet_net_pton.c 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind/irs/Makefile.in 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/irs/dns_ho.c 1.1.1.1.4.4
+ src/contrib/bind9/lib/bind/irs/irp.c 1.1.1.1.4.2
+ src/contrib/bind9/lib/bind/isc/Makefile.in 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind/isc/assertions.c 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind/isc/bitncmp.c 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind/isc/ctl_clnt.c 1.1.1.1.4.2
+ src/contrib/bind9/lib/bind/isc/ctl_srvr.c 1.1.1.1.4.2
+ src/contrib/bind9/lib/bind/nameser/Makefile.in 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind/port_after.h.in 1.1.1.2.2.4
+ src/contrib/bind9/lib/bind/resolv/Makefile.in 1.1.1.1.4.2
+ src/contrib/bind9/lib/bind/resolv/res_debug.c 1.1.1.1.4.2
+ src/contrib/bind9/lib/bind/resolv/res_mkquery.c 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind/resolv/res_query.c 1.1.1.1.4.1
+ src/contrib/bind9/lib/bind9/api 1.1.1.2.2.4
+ src/contrib/bind9/lib/bind9/check.c 1.1.1.2.2.4
+ src/contrib/bind9/lib/dns/adb.c 1.1.1.2.2.4
+ src/contrib/bind9/lib/dns/api 1.1.1.2.2.7
+ src/contrib/bind9/lib/dns/cache.c 1.1.1.1.4.3
+ src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.4.6
+ src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.4.5
+ src/contrib/bind9/lib/dns/journal.c 1.1.1.2.2.3
+ src/contrib/bind9/lib/dns/masterdump.c 1.1.1.1.4.2
+ src/contrib/bind9/lib/dns/message.c 1.1.1.1.4.5
+ src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.3
+ src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.3
+ src/contrib/bind9/lib/dns/rbt.c 1.1.1.2.2.3
+ src/contrib/bind9/lib/dns/rdata/generic/nsec_47.c 1.1.1.1.4.1
+ src/contrib/bind9/lib/dns/rdata/generic/nsec_47.h 1.1.1.1.4.1
+ src/contrib/bind9/lib/dns/rdata/generic/txt_16.c 1.1.1.1.4.2
+ src/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c 1.1.1.1.4.1
+ src/contrib/bind9/lib/dns/request.c 1.1.1.1.4.4
+ src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.10
+ src/contrib/bind9/lib/dns/validator.c 1.1.1.2.2.5
+ src/contrib/bind9/lib/dns/view.c 1.1.1.1.4.2
+ src/contrib/bind9/lib/dns/xfrin.c 1.1.1.2.2.5
+ src/contrib/bind9/lib/isc/Makefile.in 1.1.1.1.4.1
+ src/contrib/bind9/lib/isc/api 1.1.1.2.2.5
+ src/contrib/bind9/lib/isc/assertions.c 1.1.1.1.4.1
+ src/contrib/bind9/lib/isc/include/isc/assertions.h 1.1.1.1.4.1
+ src/contrib/bind9/lib/isc/include/isc/mem.h 1.1.1.2.2.2
+ src/contrib/bind9/lib/isc/include/isc/msgs.h 1.1.1.1.4.1
+ src/contrib/bind9/lib/isc/include/isc/platform.h.in 1.1.1.1.4.2
+ src/contrib/bind9/lib/isc/include/isc/portset.h 1.1.4.1
+ src/contrib/bind9/lib/isc/include/isc/resource.h 1.1.1.1.4.2
+ src/contrib/bind9/lib/isc/include/isc/socket.h 1.1.1.1.4.3
+ src/contrib/bind9/lib/isc/include/isc/timer.h 1.1.1.1.4.4
+ src/contrib/bind9/lib/isc/include/isc/types.h 1.1.1.1.4.1
+ src/contrib/bind9/lib/isc/mem.c 1.1.1.1.4.3
+ src/contrib/bind9/lib/isc/portset.c 1.1.4.1
+ src/contrib/bind9/lib/isc/print.c 1.1.1.1.4.2
+ src/contrib/bind9/lib/isc/pthreads/mutex.c 1.1.1.1.4.3
+ src/contrib/bind9/lib/isc/timer.c 1.1.1.1.4.5
+ src/contrib/bind9/lib/isc/unix/app.c 1.1.1.1.4.3
+ src/contrib/bind9/lib/isc/unix/include/isc/net.h 1.1.1.1.4.1
+ src/contrib/bind9/lib/isc/unix/net.c 1.1.1.1.4.3
+ src/contrib/bind9/lib/isc/unix/resource.c 1.1.1.1.4.3
+ src/contrib/bind9/lib/isc/unix/socket.c 1.1.1.2.2.5
+ src/contrib/bind9/lib/isc/unix/socket_p.h 1.1.1.1.4.2
+ src/contrib/bind9/lib/isc/unix/time.c 1.1.1.1.4.1
+ src/contrib/bind9/lib/isccfg/api 1.1.1.2.2.4
+ src/contrib/bind9/lib/isccfg/namedconf.c 1.1.1.2.2.5
+ src/contrib/bind9/version 1.1.1.3.2.10
+RELENG_6_4
+ src/UPDATING 1.416.2.40.2.6
+ src/sys/conf/newvers.sh 1.69.2.18.2.9
+ src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.2.4.1
+ src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.2.2.1
+RELENG_6_3
+ src/UPDATING 1.416.2.37.2.14
+ src/sys/conf/newvers.sh 1.69.2.15.2.13
+ src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.2.2.1
+ src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.1.2.1
+RELENG_7
+ src/contrib/bind9/CHANGES 1.1.1.10.2.4
+ src/contrib/bind9/COPYRIGHT 1.1.1.4.2.3
+ src/contrib/bind9/FAQ 1.1.1.6.2.2
+ src/contrib/bind9/FAQ.xml 1.1.1.4.2.2
+ src/contrib/bind9/README 1.1.1.7.2.2
+ src/contrib/bind9/aclocal.m4 1.1.2.1
+ src/contrib/bind9/bin/check/check-tool.c 1.1.1.3.2.2
+ src/contrib/bind9/bin/check/named-checkconf.c 1.1.1.4.2.1
+ src/contrib/bind9/bin/check/named-checkzone.c 1.1.1.3.2.2
+ src/contrib/bind9/bin/dig/dig.1 1.1.1.4.2.2
+ src/contrib/bind9/bin/dig/dig.c 1.1.1.5.2.2
+ src/contrib/bind9/bin/dig/dig.docbook 1.1.1.3.2.2
+ src/contrib/bind9/bin/dig/dig.html 1.1.1.4.2.2
+ src/contrib/bind9/bin/dig/dighost.c 1.1.1.5.2.3
+ src/contrib/bind9/bin/dig/host.1 1.1.1.4.2.2
+ src/contrib/bind9/bin/dig/host.docbook 1.1.1.3.2.2
+ src/contrib/bind9/bin/dig/host.html 1.1.1.4.2.2
+ src/contrib/bind9/bin/dnssec/dnssec-keygen.8 1.1.1.4.2.2
+ src/contrib/bind9/bin/dnssec/dnssec-keygen.docbook 1.1.1.3.2.2
+ src/contrib/bind9/bin/dnssec/dnssec-keygen.html 1.1.1.4.2.2
+ src/contrib/bind9/bin/dnssec/dnssec-signzone.8 1.1.1.4.2.2
+ src/contrib/bind9/bin/dnssec/dnssec-signzone.c 1.1.1.5.2.2
+ src/contrib/bind9/bin/dnssec/dnssec-signzone.docbook 1.1.1.3.2.2
+ src/contrib/bind9/bin/dnssec/dnssec-signzone.html 1.1.1.4.2.2
+ src/contrib/bind9/bin/named/client.c 1.1.1.6.2.4
+ src/contrib/bind9/bin/named/config.c 1.1.1.4.2.3
+ src/contrib/bind9/bin/named/controlconf.c 1.1.1.3.2.2
+ src/contrib/bind9/bin/named/include/named/globals.h 1.1.1.3.2.1
+ src/contrib/bind9/bin/named/interfacemgr.c 1.1.1.3.2.2
+ src/contrib/bind9/bin/named/lwaddr.c 1.1.1.2.2.1
+ src/contrib/bind9/bin/named/lwdgnba.c 1.1.1.2.2.1
+ src/contrib/bind9/bin/named/lwdnoop.c 1.1.1.2.2.1
+ src/contrib/bind9/bin/named/lwresd.8 1.1.1.4.2.2
+ src/contrib/bind9/bin/named/lwresd.c 1.1.1.3.2.2
+ src/contrib/bind9/bin/named/lwresd.docbook 1.1.1.3.2.2
+ src/contrib/bind9/bin/named/lwresd.html 1.1.1.4.2.2
+ src/contrib/bind9/bin/named/main.c 1.1.1.5.2.1
+ src/contrib/bind9/bin/named/named.8 1.1.1.4.2.2
+ src/contrib/bind9/bin/named/named.conf.5 1.1.1.5.2.2
+ src/contrib/bind9/bin/named/named.conf.docbook 1.1.1.5.2.3
+ src/contrib/bind9/bin/named/named.conf.html 1.1.1.5.2.2
+ src/contrib/bind9/bin/named/named.docbook 1.1.1.4.2.2
+ src/contrib/bind9/bin/named/named.html 1.1.1.4.2.2
+ src/contrib/bind9/bin/named/query.c 1.1.1.6.2.2
+ src/contrib/bind9/bin/named/server.c 1.1.1.6.2.4
+ src/contrib/bind9/bin/named/unix/include/named/os.h 1.1.1.3.2.1
+ src/contrib/bind9/bin/named/unix/os.c 1.1.1.5.2.1
+ src/contrib/bind9/bin/named/update.c 1.1.1.5.2.2
+ src/contrib/bind9/bin/nsupdate/Makefile.in 1.1.1.2.2.1
+ src/contrib/bind9/bin/nsupdate/nsupdate.1 1.1.2.1
+ src/contrib/bind9/bin/nsupdate/nsupdate.8 1.1.1.4.2.2
+ src/contrib/bind9/bin/nsupdate/nsupdate.c 1.1.1.5.2.2
+ src/contrib/bind9/bin/nsupdate/nsupdate.docbook 1.1.1.3.2.2
+ src/contrib/bind9/bin/nsupdate/nsupdate.html 1.1.1.4.2.2
+ src/contrib/bind9/bin/rndc/rndc-confgen.c 1.1.1.3.2.1
+ src/contrib/bind9/bin/rndc/rndc.8 1.1.1.4.2.2
+ src/contrib/bind9/bin/rndc/rndc.c 1.1.1.6.2.2
+ src/contrib/bind9/bin/rndc/rndc.docbook 1.1.1.3.2.2
+ src/contrib/bind9/bin/rndc/rndc.html 1.1.1.4.2.2
+ src/contrib/bind9/config.h.in 1.1.2.1
+ src/contrib/bind9/configure.in 1.1.1.6.2.3
+ src/contrib/bind9/lib/bind/aclocal.m4 1.1.1.2.10.2
+ src/contrib/bind9/lib/bind/api 1.1.1.5.2.2
+ src/contrib/bind9/lib/bind/bsd/Makefile.in 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/bsd/strerror.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/bsd/strtoul.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/config.h.in 1.1.1.4.2.3
+ src/contrib/bind9/lib/bind/configure.in 1.1.1.5.2.3
+ src/contrib/bind9/lib/bind/dst/Makefile.in 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/dst/dst_api.c 1.1.1.5.2.2
+ src/contrib/bind9/lib/bind/dst/hmac_link.c 1.1.1.4.2.2
+ src/contrib/bind9/lib/bind/dst/support.c 1.1.1.3.2.1
+ src/contrib/bind9/lib/bind/include/Makefile.in 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/include/arpa/nameser.h 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/include/isc/assertions.h 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/include/isc/eventlib.h 1.1.1.3.2.1
+ src/contrib/bind9/lib/bind/include/isc/misc.h 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/include/isc/platform.h.in 1.2.2.1
+ src/contrib/bind9/lib/bind/include/netdb.h 1.1.1.4.2.1
+ src/contrib/bind9/lib/bind/include/resolv.h 1.1.1.3.2.1
+ src/contrib/bind9/lib/bind/inet/Makefile.in 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/inet/inet_net_pton.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/inet/inet_network.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/irs/Makefile.in 1.1.1.3.2.1
+ src/contrib/bind9/lib/bind/irs/dns_ho.c 1.1.1.4.2.1
+ src/contrib/bind9/lib/bind/irs/getnetgrent.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/irs/getnetgrent_r.c 1.1.1.4.2.1
+ src/contrib/bind9/lib/bind/irs/irp.c 1.1.1.3.2.1
+ src/contrib/bind9/lib/bind/isc/Makefile.in 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/isc/assertions.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/isc/bitncmp.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/isc/ctl_clnt.c 1.1.1.2.2.2
+ src/contrib/bind9/lib/bind/isc/ctl_srvr.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/isc/logging.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/nameser/Makefile.in 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/port_after.h.in 1.1.1.4.2.1
+ src/contrib/bind9/lib/bind/port_before.h.in 1.1.1.4.2.2
+ src/contrib/bind9/lib/bind/resolv/Makefile.in 1.1.1.3.2.1
+ src/contrib/bind9/lib/bind/resolv/res_debug.c 1.1.1.3.2.1
+ src/contrib/bind9/lib/bind/resolv/res_mkquery.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/resolv/res_query.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/bind/resolv/res_send.c 1.1.1.4.2.1
+ src/contrib/bind9/lib/bind9/api 1.1.1.5.2.2
+ src/contrib/bind9/lib/bind9/check.c 1.1.1.5.2.4
+ src/contrib/bind9/lib/dns/acache.c 1.1.1.1.2.1
+ src/contrib/bind9/lib/dns/adb.c 1.1.1.5.2.2
+ src/contrib/bind9/lib/dns/api 1.1.1.6.2.4
+ src/contrib/bind9/lib/dns/cache.c 1.1.1.4.2.1
+ src/contrib/bind9/lib/dns/dispatch.c 1.1.1.4.2.4
+ src/contrib/bind9/lib/dns/dst_parse.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/dns/dst_parse.h 1.1.1.2.2.1
+ src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.3.2.4
+ src/contrib/bind9/lib/dns/journal.c 1.1.1.4.2.2
+ src/contrib/bind9/lib/dns/master.c 1.1.1.2.2.2
+ src/contrib/bind9/lib/dns/masterdump.c 1.1.1.3.2.1
+ src/contrib/bind9/lib/dns/message.c 1.1.1.4.2.2
+ src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.2
+ src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.2.1
+ src/contrib/bind9/lib/dns/rbt.c 1.1.1.4.2.1
+ src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.4.2.2
+ src/contrib/bind9/lib/dns/rdata/generic/nsec_47.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/dns/rdata/generic/nsec_47.h 1.1.1.2.2.1
+ src/contrib/bind9/lib/dns/rdata/generic/txt_16.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/dns/rdata/in_1/apl_42.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/dns/request.c 1.1.1.3.2.2
+ src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.4
+ src/contrib/bind9/lib/dns/rootns.c 1.1.1.2.2.2
+ src/contrib/bind9/lib/dns/sdb.c 1.1.1.2.2.2
+ src/contrib/bind9/lib/dns/tkey.c 1.1.1.4.2.1
+ src/contrib/bind9/lib/dns/tsig.c 1.1.1.4.2.2
+ src/contrib/bind9/lib/dns/validator.c 1.1.1.6.2.2
+ src/contrib/bind9/lib/dns/view.c 1.1.1.2.2.2
+ src/contrib/bind9/lib/dns/xfrin.c 1.1.1.5.2.3
+ src/contrib/bind9/lib/dns/zone.c 1.1.1.5.2.2
+ src/contrib/bind9/lib/isc/Makefile.in 1.1.1.2.2.2
+ src/contrib/bind9/lib/isc/api 1.1.1.5.2.3
+ src/contrib/bind9/lib/isc/assertions.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/isc/include/isc/assertions.h 1.1.1.2.2.1
+ src/contrib/bind9/lib/isc/include/isc/lex.h 1.1.1.2.2.1
+ src/contrib/bind9/lib/isc/include/isc/mem.h 1.1.1.3.2.1
+ src/contrib/bind9/lib/isc/include/isc/msgs.h 1.1.1.2.2.1
+ src/contrib/bind9/lib/isc/include/isc/platform.h.in 1.1.1.2.2.2
+ src/contrib/bind9/lib/isc/include/isc/portset.h 1.1.2.1
+ src/contrib/bind9/lib/isc/include/isc/resource.h 1.1.1.2.2.2
+ src/contrib/bind9/lib/isc/include/isc/socket.h 1.1.1.2.2.2
+ src/contrib/bind9/lib/isc/include/isc/timer.h 1.1.1.3.2.2
+ src/contrib/bind9/lib/isc/include/isc/types.h 1.1.1.2.2.1
+ src/contrib/bind9/lib/isc/mem.c 1.1.1.3.2.2
+ src/contrib/bind9/lib/isc/portset.c 1.1.2.1
+ src/contrib/bind9/lib/isc/print.c 1.1.1.3.2.1
+ src/contrib/bind9/lib/isc/pthreads/mutex.c 1.1.1.3.2.1
+ src/contrib/bind9/lib/isc/timer.c 1.1.1.4.2.3
+ src/contrib/bind9/lib/isc/unix/app.c 1.1.1.2.2.2
+ src/contrib/bind9/lib/isc/unix/include/isc/net.h 1.1.1.2.2.1
+ src/contrib/bind9/lib/isc/unix/net.c 1.1.1.3.2.2
+ src/contrib/bind9/lib/isc/unix/resource.c 1.1.1.2.2.2
+ src/contrib/bind9/lib/isc/unix/socket.c 1.1.1.5.2.3
+ src/contrib/bind9/lib/isc/unix/socket_p.h 1.1.1.2.2.2
+ src/contrib/bind9/lib/isc/unix/time.c 1.1.1.2.2.1
+ src/contrib/bind9/lib/isccfg/api 1.1.1.4.2.3
+ src/contrib/bind9/lib/isccfg/namedconf.c 1.1.1.5.2.2
+ src/contrib/bind9/lib/lwres/api 1.1.1.5.2.2
+ src/contrib/bind9/make/rules.in 1.1.1.4.2.2
+ src/contrib/bind9/version 1.1.1.10.2.4
+RELENG_7_1
+ src/UPDATING 1.507.2.13.2.5
+ src/sys/conf/newvers.sh 1.72.2.9.2.6
+ src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.6.1
+ src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.1.4.1
+RELENG_7_0
+ src/UPDATING 1.507.2.3.2.13
+ src/sys/conf/newvers.sh 1.72.2.5.2.13
+ src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.4.1
+ src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.1.2.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/6/ r187002
+releng/6.4/ r187194
+releng/6.3/ r187194
+stable/7/ r186997
+releng/7.1/ r187194
+releng/7.0/ r187194
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:02.openssl.asc
+https://www.isc.org/node/373
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:04.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQFJbRUmFdaIBMps37IRAonEAJsFQFtZGTz6tXFc5TSRMLhB1hxb6QCeI0Pd
+ZFPKsX8/XspOTzRWA1h3QPk=
+=dpqG
+-----END PGP SIGNATURE-----