From patchwork Fri Feb 19 17:44:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 3903 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4DhzVD5tx5z3wps for ; Fri, 19 Feb 2021 17:44:36 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4DhzVC3jX0zpg; Fri, 19 Feb 2021 17:44:35 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4DhzVC2jTMz30Nm; Fri, 19 Feb 2021 17:44:35 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4DhzV93jclz2xhl for ; Fri, 19 Feb 2021 17:44:33 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4DhzV874vRzB9 for ; Fri, 19 Feb 2021 17:44:32 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1613756673; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=hJO4+GEerRVGgHoxG0EzIT11P9UFY46vRuq/G2TQpaw=; b=o9CtY2gd1YVfAn3ktHn6dvBwWxDQt+ssDojQKt37o5q5/XA0NoEImIQUXTCdTZWWsx3C+3 xiKhMhFnhFCissCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1613756673; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=hJO4+GEerRVGgHoxG0EzIT11P9UFY46vRuq/G2TQpaw=; b=OLwEpJhIz0mbAl6gm55G35wMhqb0JyxpCQ0tItCtThdLu5TQVZAwazKHTPJpQYfHCNcC+8 hKt+cuoJ0I6kI/mKEd+DM5cvlulqPfSbX5B81D6BNG63KmJv8Ma6I35mGflH8i6n99WgIk Pz6zKbilxMahcvoEnkgzOz30Qnui0/72qpjx6lI6W18LpStaeo/AoJIUy22CxI+IHLfDMp HXeYwyDzH/z8nqp3+9qtI6WH0e4M1ATRAO7ALxp2KOpsCyE6AV+smyizT2Zpk0iW1CVwgR 7HLiz5wFN9vi2UocbH+qNY0jusT+TjgHcTTQc5eH36/OoYMuks95ecwg5X7S8A== From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] bind: Update to 9.11.28 Date: Fri, 19 Feb 2021 18:44:27 +0100 Message-Id: <20210219174427.1221-1-matthias.fischer@ipfire.org> X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" For details see: https://downloads.isc.org/isc/bind9/9.11.28/RELEASE-NOTES-bind-9.11.28.html "Notes for BIND 9.11.28 Security Fixes When tkey-gssapi-keytab or tkey-gssapi-credential was configured, a specially crafted GSS-TSIG query could cause a buffer overflow in the ISC implementation of SPNEGO (a protocol enabling negotiation of the security mechanism to use for GSSAPI authentication). This flaw could be exploited to crash named. Theoretically, it also enabled remote code execution, but achieving the latter is very difficult in real-world conditions. (CVE-2020-8625) This vulnerability was responsibly reported to us as ZDI-CAN-12302 by Trend Micro Zero Day Initiative. [GL #2354]" Signed-off-by: Matthias Fischer --- config/rootfiles/common/bind | 6 +++--- lfs/bind | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index d18332bf4..c3235bb8f 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -272,12 +272,12 @@ usr/lib/libbind9.so.161 usr/lib/libbind9.so.161.0.4 #usr/lib/libdns.la #usr/lib/libdns.so -usr/lib/libdns.so.1112 -usr/lib/libdns.so.1112.0.2 +usr/lib/libdns.so.1113 +usr/lib/libdns.so.1113.0.1 #usr/lib/libisc.la #usr/lib/libisc.so usr/lib/libisc.so.1107 -usr/lib/libisc.so.1107.0.4 +usr/lib/libisc.so.1107.0.5 #usr/lib/libisccc.la #usr/lib/libisccc.so usr/lib/libisccc.so.161 diff --git a/lfs/bind b/lfs/bind index 0069fea59..3047ac83e 100644 --- a/lfs/bind +++ b/lfs/bind @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,7 +25,7 @@ include Config -VER = 9.11.26 +VER = 9.11.28 THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -43,7 +43,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 1e5fb81b0ef562d32a19e579c0183f1a +$(DL_FILE)_MD5 = 59aa4d7be438b2c8103811d18f318c82 install : $(TARGET)