Hello Jorgen,

Given you ask on this list, I assume you are asking if this CVE is fixed in
FreeIPA DNS feature which utilizes BIND.

The answer is - "it depends" :-) As the bug itself is in BIND, it depends if
the patch made it for given downstream platform. As for Fedora and/or RHEL, I
checked with the BIND maintainer and the fix is there, live.

You can check the tracking bug, which is now public:
https://bugzilla.redhat.com/show_bug.cgi?id=1247361

HTH,
Martin

On 07/29/2015 06:41 AM, Jorgen Lundman wrote:
> 
> Took a look at the diff while I was waiting:
> 
> diff -rub bind-9.9.7-P1/lib/dns/tkey.c bind-9.9.7-P2/lib/dns/tkey.c
> --- bind-9.9.7-P1/lib/dns/tkey.c        2015-06-18 07:48:03.000000000 +0900
> +++ bind-9.9.7-P2/lib/dns/tkey.c        2015-07-15 08:50:22.000000000 +0900
> @@ -650,6 +650,7 @@
>                  * Try the answer section, since that's where Win2000
>                  * puts it.
>                  */
> +               name = NULL;
>                 if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
>                                          dns_rdatatype_tkey, 0, &name,
>                                          &tkeyset) != ISC_R_SUCCESS) {
> 
> 
> Sigh. All that work for one line. :)
> 
> Lund
> 
> Jorgen Lundman wrote:
>>
>> Hola!
>>
>> So with todays advisory: https://kb.isc.org/article/AA-01272
>> we finally get to test the procedure to patch and update here :)
>>
>> Are there any plans for the dynamic_db github to pull in the fix, or should
>> I proceed with that step?
>>
>> Sincerely,
>>
>> Lund
>>
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to