Accepting request 507232 from home:simotek:branches:network

- Added bind-CVE-2017-3142-and-3143.patch to fix a security issue where an attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142, bsc#1046555, CVE-2017-3143] OBS-URL: https://build.opensuse.org/request/show/507232 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=211
2017-06-30 10:58:48 +00:00
parent 7b1425a23f
commit 43448a770a
3 changed files with 510 additions and 0 deletions
--- a/bind.changes
+++ b/bind.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Jun 30 07:12:50 UTC 2017 - sflees@suse.de
+
+- Added bind-CVE-2017-3142-and-3143.patch to fix a security issue
+  where an attacker with the ability to send and receive messages
+  to an authoritative DNS server was able to circumvent TSIG
+  authentication of AXFR requests. A server that relies solely on
+  TSIG keys for protection with no other ACL protection could be
+  manipulated into (1) providing an AXFR of a zone to an
+  unauthorized recipient and (2) accepting bogus Notify packets.
+  [bsc#1046554, CVE-2017-3142, bsc#1046555, CVE-2017-3143] 
+
 -------------------------------------------------------------------
 Sat May 20 11:46:44 UTC 2017 - dimstar@opensuse.org