[Freeipa-users] bind-dynamicdb TKEY update
Martin Kosek
mkosek at redhat.com
Wed Jul 29 10:05:46 UTC 2015
Hello Jorgen,
Given you ask on this list, I assume you are asking if this CVE is fixed in
the FreeIPA DNS feature which utilizes BIND.
The answer is - "it depends" :-) As the bug itself is in BIND, it depends on
whether the patch made it for a given downstream platform. As for Fedora and/or
RHEL, I checked with the BIND maintainer and the fix is there, live.
You can check the tracking bug, which is now public:
https://bugzilla.redhat.com/show_bug.cgi?id=1247361
HTH,
Martin
On 07/29/2015 06:41 AM, Jorgen Lundman wrote:
>
> Took a look at the diff while I was waiting:
>
> diff -rub bind-9.9.7-P1/lib/dns/tkey.c bind-9.9.7-P2/lib/dns/tkey.c
> --- bind-9.9.7-P1/lib/dns/tkey.c 2015-06-18 07:48:03.000000000 +0900
> +++ bind-9.9.7-P2/lib/dns/tkey.c 2015-07-15 08:50:22.000000000 +0900
> @@ -650,6 +650,7 @@
> * Try the answer section, since that's where Win2000
> * puts it.
> */
> + name = NULL;
> if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
> dns_rdatatype_tkey, 0, &name,
> &tkeyset) != ISC_R_SUCCESS) {
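Review bot: the added `name = NULL;` ahead of the answer-section `dns_message_findname()` call carries no comment saying why the reset is required, so a later cleanup could drop it as a redundant assignment. The existing comment ("Try the answer section") indicates this is a fallback lookup, and `&name` is passed as an out-parameter, so please add a one-line comment stating that `name` may still hold a value from an earlier lookup attempt and must be cleared before being reused here. It is also worth confirming in the same comment whether `tkeyset`, which is passed by address in the same call, needs the same treatment or is guaranteed to be unset at this point.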
>
>
> Sigh. All that work for one line. :)
>
> Lund
>
> Jorgen Lundman wrote:
>>
>> Hola!
>>
>> So with today's advisory: https://kb.isc.org/article/AA-01272
>> we finally get to test the procedure to patch and update here :)
>>
>> Are there any plans for the dynamic_db github to pull in the fix, or should
>> I proceed with that step?
>>
>> Sincerely,
>>
>> Lund
>>
>