3afca26b11
bind: Use correct python interpreter path
...
The scripts currently reference "python33", fix this so they reference
python3. The move the python3 likely broke these.
(From OE-Core rev: 37a40fead443e211f0947d9d9bf2180d95630485)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2017-08-31 17:57:12 +01:00
8913e94511
bind: Security fix CVE-2016-6170
...
CVE-2016-6170: ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and
9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of
service (secondary DNS server crash) via a large AXFR response, and
possibly allows IXFR servers to cause a denial of service (IXFR client
crash) via a large IXFR response and allows remote authenticated users
to cause a denial of service (primary DNS server crash) via a large
UPDATE message.
External References:
https://nvd.nist.gov/vuln/detail/CVE-2016-6170
Patch from:
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f
(From OE-Core rev: 14abd767349bc868ca59838f1af3aaf17dfe4350)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Ross Burton <ross.burton@intel.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2017-04-29 11:17:23 +01:00
e9c8cbdf02
bind: Security fix CVE-2016-8864
...
CVE-2016-8864: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before
9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause
a denial of service (assertion failure and daemon exit) via a DNAME
record in the answer section of a response to a recursive query,
related to db.c and resolver.c.
External References:
https://nvd.nist.gov/vuln/detail/CVE-2016-8864
Patch from:
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c1d0599a246f646d1c22018f8fa09459270a44b8
(From OE-Core rev: c06f3a5993c7d63d91840c2a4d5b621e946ef78f)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Ross Burton <ross.burton@intel.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2017-04-29 11:17:23 +01:00
2a2592e0fd
bind: fix two CVEs
...
Add two CVE patches from upstream
git: https://www.isc.org/git/
1.CVE-2016-2775.patch
2.CVE-2016-2776.patch
(From OE-Core rev: 5f4588d675e400f13bb6001df04790c867a95230)
Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com >
Signed-off-by: Ross Burton <ross.burton@intel.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2016-10-15 10:01:44 +01:00
a17e1599a3
bind: switch Python dependency to Python 3.x
...
(From OE-Core rev: a10fd8722fb7c5f2c5a206203d0c7f4237a86466)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2016-06-03 13:13:25 +01:00
74ab080d34
bind: CVE-2016-2088
...
Duplicate EDNS COOKIE options in a response could trigger an
assertion failure: Fix with a backport.
bind as built with the oe-core recipe is not at risk: Only servers
which are built with DNS cookie support (--enable-sit) are vulnerable
to denial of service.
Fixes [YOCTO #9438 ]
(From OE-Core rev: da38a9840b32e80464e2938395db5c9167729f7e)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com >
Signed-off-by: Ross Burton <ross.burton@intel.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2016-04-18 16:28:22 +01:00
c3c55478f5
bind: CVE-2016-1285 CVE-2016-1286
...
Fixes following vulnerabilities:
CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure
CVE-2016-1286 bind: malformed signature records for DNAME records can
trigger assertion failure
[YOCTO #9400 ]
External References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286
References to the Upstream commits and Security Advisories:
===========================================================
CVE-2016-1285: https://kb.isc.org/article/AA-01352
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch ;
h=70037e040e587329cec82123e12b9f4f7c945f67
CVE-2016-1286_1: https://kb.isc.org/article/AA-01353
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch ;
h=a3d327bf1ceaaeabb20223d8de85166e940b9f12
CVE-2016-1286_2: https://kb.isc.org/article/AA-01353
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch ;
h=7602be276a73a6eb5431c5acd9718e68a55e8b61
(From OE-Core rev: 080d1a313e4982dd05846b375ebf936c46934d80)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com >
Signed-off-by: Ross Burton <ross.burton@intel.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2016-04-14 10:58:33 +01:00
bc100b33ef
bind: /var/cache/bind
...
Change the ownership of /var/cache/bind to bind rather than root.
(From OE-Core rev: 6c76c9e5bb4f4bf6adfac7ccece03d7dcdea7f3d)
Signed-off-by: Joe Slater <jslater@windriver.com >
Signed-off-by: Ross Burton <ross.burton@intel.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2016-03-25 10:29:17 +00:00
9967746a35
bind: update to 9.10.3-P3
...
Addresses CVE-2015-8704 and CVE-2015-8705
CVE-2015-8704
Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record
CVE-2015-8705:
When debug loggin is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option
[YOCTO 8966]
References:
https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
(From OE-Core rev: 58d47cdf91076cf055046ce9ec5f3e2e21dae1c0)
Signed-off-by: Ross Burton <ross.burton@intel.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2016-01-26 22:31:59 +00:00
Richard Purdie
Yi Zhao
Zheng Ruoqin
Alexander Kanavin
Jussi Kukkonen
Sona Sarmadi
Joe Slater
Derek Straka