Searched hist:163976 (Results 1 - 3 of 3) sorted by relevance
| /freebsd-9.3-release/contrib/bind9/ | ||
| H A D | configure.in | diff 163976 Sat Nov 04 05:53:25 MST 2006 dougb Update to version 9.3.2-P2, which addresses the vulnerability announced by ISC dated 31 October (delivered via e-mail to the bind-announce@isc.org list on 2 November): Description: Because of OpenSSL's recently announced vulnerabilities (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named, we are announcing this workaround and releasing patches. A proof of concept attack on OpenSSL has been demonstrated for CAN-2006-4339. OpenSSL is required to use DNSSEC with BIND. Fix for version 9.3.2-P1 and lower: Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and RSAMD5 keys for all old keys using the old default exponent and perform a key rollover to these new keys. These versions also change the default RSA exponent to be 65537 which is not vulnerable to the attacks described in CAN-2006-4339. |
| H A D | version | diff 163976 Sat Nov 04 05:53:25 MST 2006 dougb Update to version 9.3.2-P2, which addresses the vulnerability announced by ISC dated 31 October (delivered via e-mail to the bind-announce@isc.org list on 2 November): Description: Because of OpenSSL's recently announced vulnerabilities (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named, we are announcing this workaround and releasing patches. A proof of concept attack on OpenSSL has been demonstrated for CAN-2006-4339. OpenSSL is required to use DNSSEC with BIND. Fix for version 9.3.2-P1 and lower: Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and RSAMD5 keys for all old keys using the old default exponent and perform a key rollover to these new keys. These versions also change the default RSA exponent to be 65537 which is not vulnerable to the attacks described in CAN-2006-4339. |
| /freebsd-9.3-release/contrib/bind9/lib/dns/ | ||
| H A D | opensslrsa_link.c | |
Completed in 187 milliseconds