OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
ISC BIND 9.4.3-P5 is now available

From: Evan Hunt (eachisc.org)
Date: Tue Jan 19 2010 - 11:27:49 CST

                     BIND 9.4.3-P5 is now available.

BIND 9.4.3-P5 is a SECURITY PATCH for BIND 9.4.3. It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

        Bugs should be reported to bind9-bugsisc.org.

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341.

Information about these vulnerabilities can be found at:

        https://www.isc.org/advisories/CVE-2009-4022v6
        https://www.isc.org/advisories/CVE-2010-0097

BIND 9.4.3-P5 can be downloaded from:

        ftp://ftp.isc.org/isc/bind9/9.4.3-P5/bind-9.4.3-P5.tar.gz

PGP signatures of the distribution are at:

        ftp://ftp.isc.org/isc/bind9/9.4.3-P5/bind-9.4.3-P5.tar.gz.asc
        ftp://ftp.isc.org/isc/bind9/9.4.3-P5/bind-9.4.3-P5.tar.gz.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.4.3-P5/bind-9.4.3-P5.tar.gz.sha512.asc

The signatures were generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp

A binary kit for Windows XP, Windows 2003 and Windows 2008 is at:

        ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.zip
        ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.debug.zip

PGP signatures of the binary kit are at:
        
        ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.zip.asc
        ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.zip.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.zip.sha512.asc
        ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.debug.zip.asc
        ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.debug.zip.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.debug.zip.sha512.asc

Changes since 9.4.3-P4:

2831. [security] Do not attempt to validate or cache
                        out-of-bailiwick data returned with a secure
                        answer; it must be re-fetched from its original
                        source and validated in that context. [RT #20819]

2828. [security] Cached CNAME or DNAME RR could be returned to clients
                        without DNSSEC validation. [RT #20737]

2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]

--
Evan Hunt -- eachisc.org
Internet Systems Consortium, Inc.

_______________________________________________
bind-announce mailing list
bind-announcelists.isc.org
https://lists.isc.org/mailman/listinfo/bind-announce