[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE request: BIND 9 bug involving DNSSEC and the additional section
From: Florian Weimer <fw () deneb ! enyo ! de>
Date: 2009-11-24 15:23:40
Message-ID: 87ocmsosjn.fsf () mid ! deneb ! enyo ! de
[Download RAW message or body]
Fixed in BIND 9.6.1-P2, 9.5.2-P1 and 9.4.3-P4, per recent
announcements.
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
The advisory at <https://www.isc.org/node/504> is rather unclear. The
way it is written, one would assume that the in-bailiwick checks are
bypassed as well. Is this really true? (Based on a quick look at the
patch, this seems to happen only for secure domains, that is, you need
some trust anchors.)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic