upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-14 23:30:01 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

4270. [security] Update allowed OpenSSL versions as named is

Browse source 
potentially vulnerable to CVE-2015-3193.

(cherry picked from commit 10d7ab44cc)
This commit is contained in:
Mark Andrews 2015-12-04 10:28:22 +11:00
parent 4db36f766e
commit 9168a21871
3 changed files with 25 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGES
View file

@ -1,3 +1,6 @@
4270. [security] Update allowed OpenSSL versions as named is
potentially vulnerable to CVE-2015-3193.
4269. [bug] Zones using "map" format master files currently
don't work as policy zones. This limitation has
now been documented; attempting to use such zones

16
configure vendored
View file

@ -15803,12 +15803,17 @@ else
int main() {
if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL &&
OPENSSL_VERSION_NUMBER < 0x00908000L) ||
OPENSSL_VERSION_NUMBER >= 0x0090804fL)
OPENSSL_VERSION_NUMBER >= 0x0090804fL &&
OPENSSL_VERSION_NUMBER < 0x10002000L) ||
OPENSSL_VERSION_NUMBER >= 0x1000205fL)
return (0);
printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n",
OPENSSL_VERSION_NUMBER);
printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n"
"Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n\n");
"Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n"
"Require OPENSSL_VERSION_NUMBER 0x1000000f or greater (1.0.0)\n"
"Require OPENSSL_VERSION_NUMBER 0x1000100f or greater (1.0.1)\n"
"Require OPENSSL_VERSION_NUMBER 0x1000205f or greater (1.0.2e)\n\n");
return (1);
}
@ -24708,11 +24713,12 @@ WARNING Your OpenSSL crypto library may be vulnerable to WARNING
WARNING one or more of the the following known security WARNING
WARNING flaws: WARNING
WARNING WARNING
WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and WARNING
WARNING CVE-2006-2940. WARNING
WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937, WARNING
WARNING CVE-2006-2940 and CVE-2015-3193. WARNING
WARNING WARNING
WARNING It is recommended that you upgrade to OpenSSL WARNING
WARNING version 0.9.8d/0.9.7l (or greater). WARNING
WARNING version 1.0.2e/1.0.1/1.0.0/0.9.9/0.9.8d/0.9.7l WARNING
WARNING (or greater). WARNING
WARNING WARNING
WARNING You can disable this warning by specifying: WARNING
WARNING WARNING

16
configure.in
View file

@ -1573,12 +1573,17 @@ yes|'')
int main() {
if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL &&
OPENSSL_VERSION_NUMBER < 0x00908000L) ||
OPENSSL_VERSION_NUMBER >= 0x0090804fL)
OPENSSL_VERSION_NUMBER >= 0x0090804fL &&
OPENSSL_VERSION_NUMBER < 0x10002000L) ||
OPENSSL_VERSION_NUMBER >= 0x1000205fL)
return (0);
printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n",
OPENSSL_VERSION_NUMBER);
printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n"
"Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n\n");
"Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n"
"Require OPENSSL_VERSION_NUMBER 0x1000000f or greater (1.0.0)\n"
"Require OPENSSL_VERSION_NUMBER 0x1000100f or greater (1.0.1)\n"
"Require OPENSSL_VERSION_NUMBER 0x1000205f or greater (1.0.2e)\n\n");
return (1);
}
],
@ -4974,11 +4979,12 @@ WARNING Your OpenSSL crypto library may be vulnerable to WARNING
WARNING one or more of the the following known security WARNING
WARNING flaws: WARNING
WARNING WARNING
WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and WARNING
WARNING CVE-2006-2940. WARNING
WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937, WARNING
WARNING CVE-2006-2940 and CVE-2015-3193. WARNING
WARNING WARNING
WARNING It is recommended that you upgrade to OpenSSL WARNING
WARNING version 0.9.8d/0.9.7l (or greater). WARNING
WARNING version 1.0.2e/1.0.1/1.0.0/0.9.9/0.9.8d/0.9.7l WARNING
WARNING (or greater). WARNING
WARNING WARNING
WARNING You can disable this warning by specifying: WARNING
WARNING WARNING