Mark_Andrews_at_isc.org
Date: Sat Nov 16 2002 - 23:58:00 CST

                            BIND 8.2.7 Release

    BIND 8.2.7 is a security release. BIND 8.3.4 and BIND 4.9.11 are being
    released simultaneously.

    The recommended version to use is BIND 9.2.1. If for whatever reason you
    must run BIND 8, use nothing earlier than 8.2.7-REL, 8.3.4-REL. Do not
    under any circumstances run BIND 4.

    'named' is *not* vulnerable to this security problem.

    Highlights vs. 8.2.7
            Security Fix DoS and buffer overrun.

    Highlights vs. 8.2.5
            Security Fix libbind. All applications linked against libbind
            need to be relinked.

    the distribution files are:

    ftp://ftp.isc.org/isc/bind/src/8.2.7/bind-src.tar.gz
    ftp://ftp.isc.org/isc/bind/src/8.2.7/bind-doc.tar.gz
    ftp://ftp.isc.org/isc/bind/src/8.2.7/bind-contrib.tar.gz

    the pgp signature files are:

    ftp://ftp.isc.org/isc/bind/src/8.2.7/bind-src.tar.gz.asc
    ftp://ftp.isc.org/isc/bind/src/8.2.7/bind-doc.tar.gz.asc
    ftp://ftp.isc.org/isc/bind/src/8.2.7/bind-contrib.tar.gz.asc

    the md5 checksums are:


    Windows NT / Windows 2000 binary distribution.

            Not Available. Upgrade to BIND 8.3.4 or BIND 9.2.1.

    top of CHANGES says:

            --- 8.2.7-REL released --- (Fri Nov 15 00:55:19 PST 2002)

    1469. [bug] buffer length calculation for PX was wrong.

    1468. [bug] ns_name_ntol() could overwrite a zero length buffer.

    1466. [bug] large EDNS UDP buffer size could trigger an assertion.

    1465. [bug] possible NULL pointer dereference in db_sec.c

    1464. [bug] the buffer used to construct the -ve record was not
                            big enough for all possible SOA records. use pointer
                            arithmetic to calculate the remaining size in this
                            buffer.

    1463. [bug] use serial space arithmetic to determine if a SIG is
                            too old, in the future or has internally consistent
                            times.

    1462. [bug] write buffer overflow in make_rr().

    1345. [port] 64k answer buffers were causing stack space to be
                            exceeded for certain OS. Use heap space instead.

    1300. [bug] read buffer overflows.

            --- 8.2.6-REL released --- (Wed Jun 26 21:15:43 PDT 2002)
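
Entry 1463 above refers to serial space arithmetic for SIG time checks. The following C example is added here for illustration and is not code from BIND or from the announcement; it assumes RFC 1982 comparison over 32-bit timestamps, and all function and enum names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

enum sig_time_status {
    SIG_TIME_OK,
    SIG_TIME_INCONSISTENT, /* expiration precedes inception */
    SIG_TIME_FUTURE,       /* inception is still ahead of "now" */
    SIG_TIME_EXPIRED       /* expiration is behind "now" */
};

/* RFC 1982 "a < b" for 32-bit values: b is ahead of a by less than 2^31.
 * A distance of exactly 2^31 is undefined in the RFC; it yields 0 here. */
static int serial_lt(uint32_t a, uint32_t b)
{
    uint32_t d = (uint32_t)(b - a); /* wraps modulo 2^32 */
    return d != 0 && d < 0x80000000u;
}

/* Classify a SIG validity window against the current time (hypothetical helper). */
enum sig_time_status sig_time_check(uint32_t inception, uint32_t expiration,
                                    uint32_t now)
{
    if (serial_lt(expiration, inception)) return SIG_TIME_INCONSISTENT;
    if (serial_lt(now, inception))        return SIG_TIME_FUTURE;
    if (serial_lt(expiration, now))       return SIG_TIME_EXPIRED;
    return SIG_TIME_OK;
}

/* The same three checks with plain unsigned comparison, for contrast. */
enum sig_time_status sig_time_check_plain(uint32_t inception, uint32_t expiration,
                                          uint32_t now)
{
    if (expiration < inception) return SIG_TIME_INCONSISTENT;
    if (now < inception)        return SIG_TIME_FUTURE;
    if (expiration < now)       return SIG_TIME_EXPIRED;
    return SIG_TIME_OK;
}

int main(void)
{
    /* Constructed sample: a validity window that straddles the 2^32 wrap. */
    uint32_t inc = 0xFFFFFF00u, expi = 0x00000100u, now = 0x00000010u;
    printf("serial: %d  plain: %d\n",
           sig_time_check(inc, expi, now), sig_time_check_plain(inc, expi, now));
    return 0;
}
```

With the constructed wrap-around window, the serial comparison accepts the signature while the plain comparison reports the times as inconsistent.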