CVSROOT: /cvs Module name: ports Changes by: st...@cvs.openbsd.org 2021/04/29 03:28:31
Modified files: net/isc-bind : Makefile distinfo net/isc-bind/patches: patch-bin_dig_dig_c patch-bin_dig_host_c patch-configure_ac patch-lib_isc_unix_socket_c net/isc-bind/pkg: PLIST Removed files: net/isc-bind/patches: patch-lib_dns_spnego_c patch-lib_isc_netmgr_netmgr_c patch-lib_isccfg_aclconf_c Log message: update to bind-9.16.15 for fixes for these 3 CVEs; if you are running this please test and report back if you see problems; in the run-up to OpenBSD 6.9 we dropped back to 9.16.10 due to problems in interim releases CVE-2021-25214: A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly https://kb.isc.org/docs/cve-2021-25214 CVE-2021-25215: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself https://kb.isc.org/docs/cve-2021-25215 CVE-2021-25216: A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack https://kb.isc.org/docs/cve-2021-25216