authorRalf van der Enden <tremere@cainites.net>2024-05-13 11:39:22 +0000
committerNeel Chauhan <nc@FreeBSD.org>2024-05-15 02:02:40 +0000
commit9422b76b11fe118a3473845ee88bd920f418c14c (patch)
tree783aa3581137180706fc989d26c6c5cb2807cf13
parent519b9d1c5db1a9edb43ceb29e75aee4665908ec8 (diff)
downloadports-9422b76b11fe118a3473845ee88bd920f418c14c.tar.gz
ports-9422b76b11fe118a3473845ee88bd920f418c14c.zip
dns/dnsdist: update to 1.9.4 (fixes CVE-2024-25581)
PR: 278954 Approved by: submitter is maintainer
-rw-r--r--dns/dnsdist/Makefile2
-rw-r--r--dns/dnsdist/distinfo6
-rw-r--r--security/vuxml/vuln/2024.xml34
3 files changed, 37 insertions, 5 deletions
diff --git a/dns/dnsdist/Makefile b/dns/dnsdist/Makefile
index 1c3dee8e4206..c1ddecd5e4d2 100644
--- a/dns/dnsdist/Makefile
+++ b/dns/dnsdist/Makefile
@@ -1,5 +1,5 @@
PORTNAME= dnsdist
-DISTVERSION= 1.9.3
+DISTVERSION= 1.9.4
CATEGORIES= dns net
MASTER_SITES= https://downloads.powerdns.com/releases/
diff --git a/dns/dnsdist/distinfo b/dns/dnsdist/distinfo
index 656cd642f775..724d6806d1a7 100644
--- a/dns/dnsdist/distinfo
+++ b/dns/dnsdist/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1712317299
-SHA256 (dnsdist-1.9.3.tar.bz2) = f05b68806dc6c4d207b1fadb7ec715c3e0d28d893a8b3b92d58297c4ceb56c3f
-SIZE (dnsdist-1.9.3.tar.bz2) = 1577027
+TIMESTAMP = 1715595818
+SHA256 (dnsdist-1.9.4.tar.bz2) = 297d3a3751af4650665c9d3890a1d5a7a0467175f2c8607d0d5980e3fd67ef14
+SIZE (dnsdist-1.9.4.tar.bz2) = 1591994
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index f0d80972c94b..a7adfc16dd50 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,4 +1,36 @@
- <vuln vid="5afd64ae-122a-11ef-8eed-1c697a616631">
+ <vuln vid="f2d8342f-1134-11ef-8791-6805ca2fa271">
+ <topic>dnsdist -- Transfer requests received over DoH can lead to a denial of service</topic>
+ <affects>
+ <package>
+ <name>dnsdist</name>
+ <range><lt>1.9.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PowerDNS Security Advisory reports:</p>
+ <blockquote cite="https://dnsdist.org/security-advisories/index.html">
+ <p>When incoming DNS over HTTPS support is enabled using the nghttp2 provider,
+ and queries are routed to a tcp-only or DNS over TLS backend, an attacker can
+ trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR
+ or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a
+ Denial of Service. DNS over HTTPS is not enabled by default, and backends are using
+ plain DNS (Do53) by default.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2024-25581</cvename>
+ <url>https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html</url>
+ </references>
+ <dates>
+ <discovery>2024-05-13</discovery>
+ <entry>2024-05-13</entry>
+ </dates>
+ </vuln>
+
+<vuln vid="5afd64ae-122a-11ef-8eed-1c697a616631">
<topic>Intel CPUs -- multiple vulnerabilities</topic>
<affects>
<package>
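Review bot: The new dnsdist entry's `<range><lt>1.9.4</lt></range>` has no lower bound, so `pkg audit` will report every dnsdist release below 1.9.4 as affected. The quoted advisory text ties the assertion failure to the nghttp2 DoH provider, so releases that predate that provider are presumably not vulnerable; if the advisory names a first affected version, bound the range as `<range><ge>FIRST_AFFECTED_VERSION</ge><lt>1.9.4</lt></range>` (placeholder, take the value from the advisory). The `<blockquote cite="https://dnsdist.org/security-advisories/index.html">` points at the advisory index rather than the specific advisory already given in `<url>`; using the same URL in both places keeps the quote traceable to its source. Separately, the opening `<vuln vid="5afd64ae-122a-11ef-8eed-1c697a616631">` line of the existing Intel entry is removed and re-added with only its leading whitespace changed, which looks unintentional; that entry continues past the end of this hunk.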