CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2018/02/06 18:11:45
Modified files:
usr.sbin/unbound/validator: Tag: OPENBSD_6_2 autotrust.c
autotrust.h val_nsec.c val_nsec.h
val_nsec3.c val_nsec3.h
val_sigcrypt.c val_sigcrypt.h
val_utils.c val_utils.h validator.c
Log message:
OpenBSD 6.2 errata 008
A flaw was found in the way unbound validated wildcard-synthesized
NSEC records. An improperly validated wildcard NSEC record could be
used to prove the non-existence (NXDOMAIN answer) of an existing
wildcard record, or trick unbound into accepting a NODATA proof.
For details see https://unbound.net/downloads/CVE-2017-15105.txt.
Fixed in -current by florian@ updating unbound to 1.6.8.
tested/looked at/ok by bluhm@, tj@
