Internet Software Consortium Security Advisory: 5 March 2003

From: Mark_Andrews@isc.org
Date: Wed Mar 05 2003 - 20:34:55 CST


-----BEGIN PGP SIGNED MESSAGE-----

                Internet Software Consortium Security Advisory.
                             Status Update
                             5 March 2003

        BIND 9.2.2 has been released. It contains fixes for previously
        announced vulnerabilities.

        These are the remote buffer overflow documented in CERT advisory
        [CERT CA-2002-19] and enforcement of the minimum OpenSSL version
        [CERT CA-2002-23].

        http://www.cert.org/advisories/CA-2002-19.html
        http://www.cert.org/advisories/CA-2002-23.html

        [CERT CA-2002-19]:

        BIND 9.2.0 and BIND 9.2.1 need to be upgraded if you have not
        already applied the workaround listed in [CERT CA-2002-19] and
        you enabled libbind by specifying "configure --enable-libbind"
        when you built BIND 9.2.0 or BIND 9.2.1.

        [CERT CA-2002-23]:

        BIND 9.[01].x needs to be upgraded if you have not applied the
        workaround listed in [CERT CA-2002-23]. BIND 9.2.2 enforces a
        minimum OpenSSL version at compile time.

        BIND 9.2.0 and BIND 9.2.1 need to be upgraded if you built BIND
        with a vulnerable version of OpenSSL, "configure --with-openssl".
        BIND 9.2.2 enforces a minimum OpenSSL version at compile time.

        You can test to see if BIND was built with OpenSSL by running:

                dnssec-keygen -a rsa -b 512 -n zone foo

        If the command returns an error message which contains "built with
        no crypto support" then BIND was NOT linked against OpenSSL. This
        does NOT check the OpenSSL version in use.

        If you are in doubt about your current BIND status, upgrade.

        The current BIND version can be found via:
        http://www.isc.org/products/BIND/

        The current BIND security page can be found via:
        http://www.isc.org/products/BIND/bind-security.html

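The upgrade rules and the dnssec-keygen check above, written as a triage helper. This is an added example, not part of the ISC advisory; the function names, the yes/no arguments and the sample output line are assumptions made for illustration, and any answer other than an explicit "no" or "yes" is treated as doubt, which the advisory resolves by upgrading.

```shell
#!/bin/sh
# Added example (not ISC code): triage helper for the 5 March 2003 advisory.

# keygen_has_crypto: reads on stdin the output of
#   dnssec-keygen -a rsa -b 512 -n zone foo
# and prints "no-openssl" when it contains the marker string quoted in the
# advisory, otherwise "openssl-linked". It cannot tell the OpenSSL version.
keygen_has_crypto() {
    if grep -q "built with no crypto support"; then
        echo "no-openssl"
    else
        echo "openssl-linked"
    fi
}

# bind_triage VERSION LIBBIND WA19 VULN_OPENSSL WA23
#   LIBBIND       built with "configure --enable-libbind"     (yes/no)
#   WA19          CA-2002-19 workaround applied               (yes/no)
#   VULN_OPENSSL  built against a vulnerable OpenSSL          (yes/no)
#   WA23          CA-2002-23 workaround applied               (yes/no)
# Prints "ok", "upgrade: <advisories>" or "not-covered".
bind_triage() {
    version=$1 libbind=$2 wa19=$3 vuln_ssl=$4 wa23=$5
    reasons=""
    case "$version" in
        9.0.*|9.1.*)
            # 9.[01].x: upgrade unless the CA-2002-23 workaround is in place.
            if [ "$wa23" != yes ]; then reasons="CA-2002-23"; fi ;;
        9.2.0|9.2.1)
            # libbind enabled (or unknown) without the CA-2002-19 workaround.
            if [ "$libbind" != no ] && [ "$wa19" != yes ]; then
                reasons="CA-2002-19"
            fi
            # Built against a vulnerable (or unknown) OpenSSL.
            if [ "$vuln_ssl" != no ]; then
                reasons="${reasons:+$reasons }CA-2002-23"
            fi ;;
        9.2.2) ;;                       # the fixed release
        *) echo "not-covered"; return 0 ;;
    esac
    if [ -n "$reasons" ]; then echo "upgrade: $reasons"; else echo "ok"; fi
}

# Constructed sample: one output line containing the advisory's marker string.
printf 'dnssec-keygen: built with no crypto support\n' | keygen_has_crypto
bind_triage 9.2.1 yes no unknown no
```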