author | delphij <delphij@FreeBSD.org> | 2017-04-13 11:58:32 +0800 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2017-04-13 11:58:32 +0800 |
commit | f80cf00f4fd0b0978170e3ce0a3077116916775d (patch) | |
tree | 4af4be808195672789ad279f2fc41907a077f4b4 /security | |
parent | 59103dd472a7597cf0f7895f5e8026ba11924f0e (diff) | |
download | freebsd-ports-gnome-f80cf00f4fd0b0978170e3ce0a3077116916775d.tar.gz freebsd-ports-gnome-f80cf00f4fd0b0978170e3ce0a3077116916775d.tar.zst freebsd-ports-gnome-f80cf00f4fd0b0978170e3ce0a3077116916775d.zip |
Document BIND multiple vulnerabilities.
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 543361898c35..c12f2be00d79 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -58,6 +58,72 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="c6861494-1ffb-11e7-934d-d05099c0ae8c"> + <topic>BIND -- multiple vulnerabilities</topic> + <affects> + <package> + <name>bind99</name> + <range><lt>9.9.9P8</lt></range> + </package> + <package> + <name>bind910</name> + <range><lt>9.10.4P8</lt></range> + </package> + <package> + <name>bind911</name> + <range><lt>9.11.0P5</lt></range> + </package> + <package> + <name>bind9-devel</name> + <range><le>9.12.0.a.2017.04.12</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ISC reports:</p> + <blockquote cite="https://kb.isc.org/article/AA-01465/0"> + <p>A query with a specific set of characteristics could + cause a server using DNS64 to encounter an assertion + failure and terminate.</p> + <p>An attacker could deliberately construct a query, + enabling denial-of-service against a server if it + was configured to use the DNS64 feature and other + preconditions were met.</p> + </blockquote> + <blockquote cite="https://kb.isc.org/article/AA-01466/0"> + <p>Mistaken assumptions about the ordering of records in + the answer section of a response containing CNAME or + DNAME resource records could lead to a situation in + which named would exit with an assertion failure when + processing a response in which records occurred in an + unusual order.</p> + </blockquote> + <blockquote cite="https://kb.isc.org/article/AA-01471/0"> + <p>named contains a feature which allows operators to + issue commands to a running server by communicating + with the server process over a control channel, + using a utility program such as rndc.</p> + <p>A regression introduced in a recent feature change + has created a situation under which some versions of + named can be caused to exit with a REQUIRE assertion + failure if they are sent a null command string.</p> + </blockquote> + </body> + 
</description> + <references> + <cvename>CVE-2017-3136</cvename> + <cvename>CVE-2017-3137</cvename> + <cvename>CVE-2017-3138</cvename> + <url>https://kb.isc.org/article/AA-01465/0</url> + <url>https://kb.isc.org/article/AA-01466/0</url> + <url>https://kb.isc.org/article/AA-01471/0</url> + </references> + <dates> + <discovery>2017-04-12</discovery> + <entry>2017-04-13</entry> + </dates> + </vuln> + <vuln vid="e48355d7-1548-11e7-8611-0090f5f2f347"> <topic>id Tech 3 -- remote code execution vulnerability</topic> <affects> |
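Review bot: the bind9-devel range in the new entry is written as <le>9.12.0.a.2017.04.12</le>, while bind99, bind910 and bind911 each use <lt> against a fixed release. The inclusive bound is a snapshot dated the same day as the <discovery> date, so the entry is only correct if the next bind9-devel snapshot carries the fixes. Please confirm that, and if the first fixed snapshot is known, express it as an <lt> bound to match the other three packages. Separately, the three blockquotes are not tied to their CVE names, and the rndc control channel advisory says only "some versions of named" are affected, yet it shares the same open-ended ranges as the other two. That is a conservative match and fine for an audit database, but a short lead-in before each blockquote naming its CVE (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138) would let readers tell which advisory applies to their configuration, for example whether they use DNS64 at all.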