http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt This patch incorporates the fix as a temporary solution until the next update of this port.
Maintainer of dns/nsd, Please note that PR ports/170024 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/170024 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Responsible Changed From-To: freebsd-ports-bugs->crees I should probably look after this one.
Author: crees Date: Fri Jul 20 14:53:03 2012 New Revision: 301228 URL: http://svn.freebsd.org/changeset/ports/301228 Log: Document nsd vulnerability The referenced PR contains a fix that bumps PORTREVISION, so the entry will not match fixed versions. PR: ports/170024 Obtained from: http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt Security: CVE-2012-2978 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jul 20 14:41:24 2012 (r301227) +++ head/security/vuxml/vuln.xml Fri Jul 20 14:53:03 2012 (r301228) @@ -52,6 +52,37 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="ce82bfeb-d276-11e1-92c6-14dae938ec40"> + <topic>dns/nsd -- DoS vulnerability from non-standard DNS packet</topic> + <affects> + <package> + <name>nsd</name> + <range><lt>3.2.11_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Marek Vavrusa and Lubos Slovak report:</p> + <blockquote cite="http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"> + <p>It is possible to crash (SIGSEGV) a NSD child server process + by sending it a non-standard DNS packet from any host on the + internet. A crashed child process will automatically be restarted + by the parent process, but an attacker may keep the NSD server + occupied restarting child processes by sending it a stream of + such packets effectively preventing the NSD server to serve.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-2978</cvename> + <freebsdpr>ports/170024</freebsdpr> + </references> + <dates> + <discovery>2012-07-19</discovery> + <entry>2012-07-20</entry> + </dates> + </vuln> + <vuln vid="a460035e-d111-11e1-aff7-001fd056c417"> <topic>libjpeg-turbo -- heap-based buffer overflow</topic> <affects> _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
> Maintainer of dns/nsd, > Please note that PR ports/170024 has just been submitted. Yesterday I already send a PR for this problem, See http://www.freebsd.org/cgi/query-pr.cgi?pr=170001 Please use that instead. jaap > If it contains a patch for an upgrade, an enhancement or a bug fix > you agree on, reply to this email stating that you approve the patch > and a committer will take care of it. > > The full text of the PR can be found at: > http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/170024 > > -- > Edwin Groothuis via the GNATS Auto Assign Tool > edwin@FreeBSD.org
Oops, quite right. I'll get it in within the hour. Chris
State Changed From-To: feedback->closed Duplicate of ports/170001