diff options
| author | mat <mat@FreeBSD.org> | 2014-01-14 01:38:28 +0800 |
|---|---|---|
| committer | mat <mat@FreeBSD.org> | 2014-01-14 01:38:28 +0800 |
| commit | 98d066140e7d7786576789bef5c73abe434b9c9d (patch) | |
| tree | 7f7d3aefe2e8760bfd83f848f1a802d2a41e1b50 /security | |
| parent | f12cec1f2abae96ae65c1d4d776381fcf790df35 (diff) | |
| download | freebsd-ports-gnome-98d066140e7d7786576789bef5c73abe434b9c9d.tar.gz freebsd-ports-gnome-98d066140e7d7786576789bef5c73abe434b9c9d.tar.zst freebsd-ports-gnome-98d066140e7d7786576789bef5c73abe434b9c9d.zip | |
Security update to fix CVE-2014-0591 as reported at
https://kb.isc.org/article/AA-01078/74/
9.9.4 -> 9.9.4-P2
9.8.6 -> 9.8.6-P2
9.6-ESV-R10 -> 9.6-ESV-R10-P2
Security: CVE-2014-0591 Remote DOS
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 83143a44a33f..b96ccede8698 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,48 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="cb252f01-7c43-11e3-b0a6-005056a37f68"> + <topic>bind -- denial of service vulnerability</topic> + <affects> + <package> + <name>bind99</name> + <name>bind99-base</name> + <range><lt>9.9.4.2</lt></range> + </package> + <package> + <name>bind98</name> + <name>bind98-base</name> + <range><lt>9.8.6.2</lt></range> + </package> + <package> + <name>bind96</name> + <name>bind96-base</name> + <range><lt>9.6.3.2.ESV.R10.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ISC reports:</p> + <blockquote cite="https://kb.isc.org/article/AA-01078/74/"> + <p>Because of a defect in handling queries for NSEC3-signed zones, + BIND can crash with an "INSIST" failure in name.c when processing + queries possessing certain properties. By exploiting this defect + an attacker deliberately constructing a query with the right + properties could achieve denial of service against an authoritative + nameserver serving NSEC3-signed zones.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-0591</cvename> + <url>https://kb.isc.org/article/AA-01078/74/</url> + </references> + <dates> + <discovery>2014-01-08</discovery> + <entry>2014-01-13</entry> + </dates> + </vuln> + <vuln vid="28c575fa-784e-11e3-8249-001cc0380077"> <topic>libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont</topic> <affects> |