Security fix to Bind-9.2.8/Bind-9.3.4

Stephen John Smoogen smooge at gmail.com
Sat Jan 27 01:20:33 UTC 2007 

The 9.3.4 affects FCL-5,6


		BIND 9.3.4 is now available.

BIND 9.3.4 is a security release for BIND 9.3.

        BIND 9.3.4 contains security fixes:

2126.	[security]	Serialise validation of type ANY responses. [RT #16555]

2124.	[security]	It was possible to dereference a freed fetch
			context. [RT #16584]

2089.	[security]	Raise the minimum safe OpenSSL versions to
			OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
			prior to these have known security flaws which
			are (potentially) exploitable in named. [RT #16391]

2088.	[security]	Change the default RSA exponent from 3 to 65537.
			[RT #16391]

2066.   [security]      Handle SIG queries gracefully. [RT #16300]

1941.   [bug]           ncache_adderesult() should set eresult even if no
                        rdataset is passed to it. [RT #15642]

        If you are running a BIND 9.3.x or BIND 9.4.x version without
        these changes you are advised to upgrade as soon as possible to
        one of BIND 9.3.4 or BIND 9.4.0rc2.

BIND 9.3.4 can be downloaded from

        ftp://ftp.isc.org/isc/bind9/9.3.4/bind-9.3.4.tar.gz

The PGP signature of the distribution is at

        ftp://ftp.isc.org/isc/bind9/9.3.4/bind-9.3.4.tar.gz.asc
        ftp://ftp.isc.org/isc/bind9/9.3.4/bind-9.3.4.tar.gz.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.3.4/bind-9.3.4.tar.gz.sha512.asc

The signature was generated with the ISC public key, which is
available at .

A binary kit for Windows 2000, Windows XP and Windows 2003 is at

	ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.zip
	ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.debug.zip

The PGP signature of the binary kit for Windows 2000, Windows XP and
Windows 2003 is at

	ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.zip.asc
	ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.zip.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.zip.sha512.asc
	ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.debug.zip.asc
	ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.debug.zip.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.debug.zip.sha512.asc

Note: There is no Windows NT 4.0 binary kit for BIND 9.3.4.
      Windows NT 4.0 is still supported in source form.

A list of changes made since 9.3.0 follows.  For earlier changes,
see the file CHANGES in the distribution.

--------

	--- 9.3.4 released ---

2126.	[security]	Serialise validation of type ANY responses. [RT #16555]

2124.	[security]	It was possible to dereference a freed fetch
			context. [RT #16584]





-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

More information about the Fedora-security-list mailing list