[Buildroot] [PATCH] package/bind: security bump to version 9.11.28
Peter Korsgaard
peter at korsgaard.com
Sat Feb 27 18:41:27 UTC 2021
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
>> Fixes the following security issue:
>> - CVE-2020-8625: When tkey-gssapi-keytab or tkey-gssapi-credential was
>> configured, a specially crafted GSS-TSIG query could cause a buffer
>> overflow in the ISC implementation of SPNEGO (a protocol enabling
>> negotiation of the security mechanism to use for GSSAPI authentication).
>> This flaw could be exploited to crash named. Theoretically, it also
>> enabled remote code execution, but achieving the latter is very difficult
>> in real-world conditions.
>> For details, see the advisory:
>> https://kb.isc.org/docs/cve-2020-8625
>> In addition, 9.11.26-27 fixed a number of issues, see the release notes for
>> details:
>> https://downloads.isc.org/isc/bind9/9.11.28/RELEASE-NOTES-bind-9.11.28.html
>> Drop now upstreamed patches, update the GPG key for the 2021-2022 variant
>> and update the COPYRIGHT hash for a change of year:
>> -Copyright (C) 1996-2020 Internet Systems Consortium, Inc. ("ISC")
>> +Copyright (C) 1996-2021 Internet Systems Consortium, Inc. ("ISC")
>> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2020.02.x and 2020.11.x, thanks.
--
Bye, Peter Korsgaard
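
Added example, not part of the original message and not Buildroot or ISC code: a Python check for the exposure condition the commit message describes, an active tkey-gssapi-keytab or tkey-gssapi-credential directive on a 9.11.x named older than 9.11.28. The sample configuration, the function names and the treatment of 9.11.28 as the first fixed 9.11 release are assumptions of this example; other release branches are outside its scope.

```python
import re

# The two options the commit message names as the exposure condition.
GSS_DIRECTIVES = ("tkey-gssapi-keytab", "tkey-gssapi-credential")
FIXED_9_11 = (9, 11, 28)  # assumption: first 9.11.x release carrying the fix

# Constructed sample named.conf, not taken from any real system.
SAMPLE_CONF = '''
options {
    directory "/var/named";
    // tkey-gssapi-credential "DNS/old.example.com";
    /* tkey-gssapi-keytab "/etc/old.keytab"; */
    tkey-gssapi-keytab "/etc/named.keytab";  # active setting
    # tkey-gssapi-keytab "/etc/other.keytab";
};
'''

_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_comments(text):
    """Blank out /* */, // and # comments while keeping quoted strings."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def gss_tsig_directives(conf_text):
    """Return (directive, value) pairs that are active, i.e. not commented out."""
    active = strip_comments(conf_text)
    found = []
    for name in GSS_DIRECTIVES:
        pat = r'(?<![\w-])' + re.escape(name) + r'\s+("(?:\\.|[^"\\])*"|[^\s;]+)\s*;'
        found += [(name, m.group(1).strip('"')) for m in re.finditer(pat, active)]
    return found

def needs_bump(version):
    """True for a 9.11.x version string older than 9.11.28 (e.g. '9.11.5-P4')."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised BIND version: %r" % version)
    v = tuple(int(x) for x in m.groups())
    return v[:2] == FIXED_9_11[:2] and v < FIXED_9_11

def exposed(conf_text, version):
    """Exposure as described: GSS-TSIG configured and the fix not yet present."""
    return bool(gss_tsig_directives(conf_text)) and needs_bump(version)

if __name__ == "__main__":
    print(gss_tsig_directives(SAMPLE_CONF), exposed(SAMPLE_CONF, "9.11.27"))
```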