CVS: cvs.openbsd.org: ports

Stuart Henderson Thu, 29 Apr 2021 02:28:43 -0700

CVSROOT:        /cvs
Module name:    ports
Changes by:     st...@cvs.openbsd.org   2021/04/29 03:28:31


Modified files:
        net/isc-bind   : Makefile distinfo 
        net/isc-bind/patches: patch-bin_dig_dig_c patch-bin_dig_host_c 
                              patch-configure_ac 
                              patch-lib_isc_unix_socket_c 
        net/isc-bind/pkg: PLIST 
Removed files:
        net/isc-bind/patches: patch-lib_dns_spnego_c 
                              patch-lib_isc_netmgr_netmgr_c 
                              patch-lib_isccfg_aclconf_c 

Log message:
update to bind-9.16.15 for fixes for these 3 CVEs; if you are running
this please test and report back if you see problems; in the run-up
to OpenBSD 6.9 we dropped back to 9.16.10 due to problems in interim
releases

CVE-2021-25214: A broken inbound incremental zone update (IXFR)
can cause named to terminate unexpectedly
https://kb.isc.org/docs/cve-2021-25214

CVE-2021-25215: An assertion check can fail while answering queries for
DNAME records that require the DNAME to be processed to resolve itself
https://kb.isc.org/docs/cve-2021-25215

CVE-2021-25216: A second vulnerability in BIND's GSSAPI security policy
negotiation can be targeted by a buffer overflow attack
https://kb.isc.org/docs/cve-2021-25216

CVS: cvs.openbsd.org: ports

Reply via email to