CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2021/04/29 03:28:31
Modified files:
net/isc-bind : Makefile distinfo
net/isc-bind/patches: patch-bin_dig_dig_c patch-bin_dig_host_c
patch-configure_ac
patch-lib_isc_unix_socket_c
net/isc-bind/pkg: PLIST
Removed files:
net/isc-bind/patches: patch-lib_dns_spnego_c
patch-lib_isc_netmgr_netmgr_c
patch-lib_isccfg_aclconf_c
Log message:
update to bind-9.16.15 for fixes for these 3 CVEs; if you are running
this please test and report back if you see problems; in the run-up
to OpenBSD 6.9 we dropped back to 9.16.10 due to problems in interim
releases
CVE-2021-25214: A broken inbound incremental zone update (IXFR)
can cause named to terminate unexpectedly
https://kb.isc.org/docs/cve-2021-25214
CVE-2021-25215: An assertion check can fail while answering queries for
DNAME records that require the DNAME to be processed to resolve itself
https://kb.isc.org/docs/cve-2021-25215
CVE-2021-25216: A second vulnerability in BIND's GSSAPI security policy
negotiation can be targeted by a buffer overflow attack
https://kb.isc.org/docs/cve-2021-25216
