diff options
| author | dougb <dougb@FreeBSD.org> | 2006-11-03 15:47:21 +0800 |
|---|---|---|
| committer | dougb <dougb@FreeBSD.org> | 2006-11-03 15:47:21 +0800 |
| commit | ae1f6f71622699a079e25978e9f8bddea74b0997 (patch) | |
| tree | f57289a1d526861e3b6c930f92bfc47d54782818 /textproc | |
| parent | 53e1eb9b6141777bba3dfe03a713fcd8c9a9f55b (diff) | |
| download | freebsd-ports-gnome-ae1f6f71622699a079e25978e9f8bddea74b0997.tar.gz freebsd-ports-gnome-ae1f6f71622699a079e25978e9f8bddea74b0997.tar.zst freebsd-ports-gnome-ae1f6f71622699a079e25978e9f8bddea74b0997.zip | |
Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list today):
Description:
Because of OpenSSL's recently announced vulnerabilities
(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
we are announcing this workaround and releasing patches. A proof of
concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
OpenSSL is required to use DNSSEC with BIND.
Fix for version 9.3.2-P1 and lower:
Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and
RSAMD5 keys for all old keys using the old default exponent
and perform a key rollover to these new keys.
These versions also change the default RSA exponent to be
65537 which is not vulnerable to the attacks described in
CAN-2006-4339.
Diffstat (limited to 'textproc')
0 files changed, 0 insertions, 0 deletions