[Buildroot] [PATCH] package/bind: security bump to version 9.11.31
Peter Korsgaard
peter at korsgaard.com
Fri May 7 07:23:08 UTC 2021
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> - A malformed incoming IXFR transfer could trigger an assertion failure in
> named, causing it to quit abnormally. (CVE-2021-25214)
> - named crashed when a DNAME record placed in the ANSWER section during
> DNAME chasing turned out to be the final answer to a client query.
> (CVE-2021-25215)
> - When a server's configuration set the tkey-gssapi-keytab or
> tkey-gssapi-credential option, a specially crafted GSS-TSIG query could
> cause a buffer overflow in the ISC implementation of SPNEGO (a protocol
> enabling negotiation of the security mechanism used for GSSAPI
> authentication). This flaw could be exploited to crash named binaries
> compiled for 64-bit platforms, and could enable remote code execution when
> named was compiled for 32-bit platforms. (CVE-2021-25216)
> For more details, see the release notes:
> https://downloads.isc.org/isc/bind9/9.11.31/RELEASE-NOTES-bind-9.11.31.html
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2021.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list