NetBSD/dist/bind/lib
adrianp ee74a1421a Fixes for CVE-2006-4095 and CVE-2006-4096 from bind-9.3.2-P1
* Assertion failure in ISC BIND SIG query processing (CVE-2006-4095)

- Recursive servers
Queries for SIG records will trigger an assertion failure if more
than one RRset is returned. However exposure can be minimized by
restricting which sources can ask for recursion.

- Authoritative servers
If a nameserver is serving a RFC 2535 DNSSEC zone and is queried
for the SIG records where there are multiple RRsets, then the
named program will trigger an assertion failure when it tries
to construct the response.

* INSIST failure in ISC BIND recursive query handling code (CVE-2006-4096)

It is possible to trigger an INSIST failure by sending enough
recursive queries such that the response to the query arrives after
all the clients waiting for the response have left the recursion
queue. However exposure can be minimized by restricting which sources
can ask for recursion.

ok'ed christos@
2006-09-05 19:31:47 +00:00
..
bind force all assertions on when __COVERITY__ is set 2006-08-23 04:10:51 +00:00
bind9 import the real 9.3.2 not 9.2.3. 2005-12-21 23:06:48 +00:00
dns Fixes for CVE-2006-4095 and CVE-2006-4096 from bind-9.3.2-P1 2006-09-05 19:31:47 +00:00
isc force all assertions on when __COVERITY__ is set 2006-08-23 04:10:51 +00:00
isccc import the real 9.3.2 not 9.2.3. 2005-12-21 23:16:49 +00:00
isccfg import the real 9.3.2 not 9.2.3. 2005-12-21 23:16:49 +00:00
lwres resolve conflicts. 2005-12-22 00:26:23 +00:00
tests import the real 9.3.2 not 9.2.3. 2005-12-21 23:16:49 +00:00
win32/bindevt import the real 9.3.2 not 9.2.3. 2005-12-21 23:16:49 +00:00
Makefile.in import the real 9.3.2 not 9.2.3. 2005-12-21 23:06:48 +00:00