mirror of
https://github.com/opnsense/src.git
synced 2026-07-08 16:51:51 -04:00
announced by ISC dated 31 October (delivered via e-mail to the bind-announce@isc.org list on 2 November): Description: Because of OpenSSL's recently announced vulnerabilities (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named, we are announcing this workaround and releasing patches. A proof of concept attack on OpenSSL has been demonstrated for CAN-2006-4339. OpenSSL is required to use DNSSEC with BIND. Fix for version 9.3.2-P1 and lower: Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and RSAMD5 keys for all old keys using the old default exponent and perform a key rollover to these new keys. These versions also change the default RSA exponent to be 65537 which is not vulnerable to the attacks described in CAN-2006-4339. |
||
|---|---|---|
| .. | ||
| bind | ||
| bind9 | ||
| dns | ||
| isc | ||
| isccc | ||
| isccfg | ||
| lwres | ||
| Makefile.in | ||