kumquat-buildroot/package/bind
Fabrice Fontaine 54f6e1f81f package/bind: security bump to version 9.16.44
Fix CVE-2023-3341: The code that processes control channel messages sent
to `named` calls certain functions recursively during packet parsing.
Recursion depth is only limited by the maximum accepted packet size;
depending on the environment, this may cause the packet-parsing code to
run out of available stack memory, causing `named` to terminate
unexpectedly. Since each incoming control channel message is fully
parsed before its contents are authenticated, exploiting this flaw does
not require the attacker to hold a valid RNDC key; only network access
to the control channel's configured TCP port is necessary. This issue
affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18,
9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1
through 9.18.18-S1.

https://ftp.isc.org/isc/bind9/9.16.44/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-09-28 11:26:19 +02:00
..
0001-cross.patch
bind.hash package/bind: security bump to version 9.16.44 2023-09-28 11:26:19 +02:00
bind.mk package/bind: security bump to version 9.16.44 2023-09-28 11:26:19 +02:00
Config.in
named.service
S81named