[Buildroot] [PATCH] package/bind: security bump to version 9.11.28

Peter Korsgaard peter at korsgaard.com
Sat Feb 27 18:41:27 UTC 2021


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
 >> Fixes the following security issue:
 >> - CVE-2020-8625: When tkey-gssapi-keytab or tkey-gssapi-credential was
 >> configured, a specially crafted GSS-TSIG query could cause a buffer
 >> overflow in the ISC implementation of SPNEGO (a protocol enabling
 >> negotiation of the security mechanism to use for GSSAPI authentication).
 >> This flaw could be exploited to crash named.  Theoretically, it also
 >> enabled remote code execution, but achieving the latter is very difficult
 >> in real-world conditions

 >> For details, see the advisory:
 >> https://kb.isc.org/docs/cve-2020-8625

 >> In addition, 9.11.26-27 fixed a number of issues, see the release notes for
 >> details:
 >> https://downloads.isc.org/isc/bind9/9.11.28/RELEASE-NOTES-bind-9.11.28.html

 >> Drop now upstreamed patches, update the GPG key for the 2021-2022 variant
 >> and update the COPYRIGHT hash for a change of year:

 >> -Copyright (C) 1996-2020  Internet Systems Consortium, Inc. ("ISC")
 >> +Copyright (C) 1996-2021  Internet Systems Consortium, Inc. ("ISC")

 >> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2020.02.x and 2020.11.x, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list