Hello Jorgen, Given you ask on this list, I assume you are asking if this CVE is fixed in FreeIPA DNS feature which utilizes BIND.
The answer is - "it depends" :-) As the bug itself is in BIND, it depends if the patch made it for given downstream platform. As for Fedora and/or RHEL, I checked with the BIND maintainer and the fix is there, live. You can check the tracking bug, which is now public: https://bugzilla.redhat.com/show_bug.cgi?id=1247361 HTH, Martin On 07/29/2015 06:41 AM, Jorgen Lundman wrote: > > Took a look at the diff while I was waiting: > > diff -rub bind-9.9.7-P1/lib/dns/tkey.c bind-9.9.7-P2/lib/dns/tkey.c > --- bind-9.9.7-P1/lib/dns/tkey.c 2015-06-18 07:48:03.000000000 +0900 > +++ bind-9.9.7-P2/lib/dns/tkey.c 2015-07-15 08:50:22.000000000 +0900 > @@ -650,6 +650,7 @@ > * Try the answer section, since that's where Win2000 > * puts it. > */ > + name = NULL; > if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname, > dns_rdatatype_tkey, 0, &name, > &tkeyset) != ISC_R_SUCCESS) { > > > Sigh. All that work for one line. :) > > Lund > > Jorgen Lundman wrote: >> >> Hola! >> >> So with todays advisory: https://kb.isc.org/article/AA-01272 >> we finally get to test the procedure to patch and update here :) >> >> Are there any plans for the dynamic_db github to pull in the fix, or should >> I proceed with that step? >> >> Sincerely, >> >> Lund >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
