Security fix to Bind-9.2.8/Bind-9.3.4
Stephen John Smoogen
smooge at gmail.com
Sat Jan 27 01:20:33 UTC 2007
The 9.3.4 affects FCL-5,6
BIND 9.3.4 is now available.
BIND 9.3.4 is a security release for BIND 9.3.
BIND 9.3.4 contains security fixes:
2126. [security] Serialise validation of type ANY responses. [RT #16555]
2124. [security] It was possible to dereference a freed fetch
context. [RT #16584]
2089. [security] Raise the minimum safe OpenSSL versions to
OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
prior to these have known security flaws which
are (potentially) exploitable in named. [RT #16391]
2088. [security] Change the default RSA exponent from 3 to 65537.
[RT #16391]
2066. [security] Handle SIG queries gracefully. [RT #16300]
1941. [bug] ncache_adderesult() should set eresult even if no
rdataset is passed to it. [RT #15642]
If you are running a BIND 9.3.x or BIND 9.4.x version without
these changes you are advised to upgrade as soon as possible to
one of BIND 9.3.4 or BIND 9.4.0rc2.
BIND 9.3.4 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.3.4/bind-9.3.4.tar.gz
The PGP signature of the distribution is at
ftp://ftp.isc.org/isc/bind9/9.3.4/bind-9.3.4.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.3.4/bind-9.3.4.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.3.4/bind-9.3.4.tar.gz.sha512.asc
The signature was generated with the ISC public key, which is
available at .
A binary kit for Windows 2000, Windows XP and Windows 2003 is at
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.zip
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.debug.zip
The PGP signature of the binary kit for Windows 2000, Windows XP and
Windows 2003 is at
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.zip.asc
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.zip.sha512.asc
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.debug.zip.asc
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.debug.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.debug.zip.sha512.asc
Note: There is no Windows NT 4.0 binary kit for BIND 9.3.4.
Windows NT 4.0 is still supported in source form.
A list of changes made since 9.3.0 follows. For earlier changes,
see the file CHANGES in the distribution.
--------
--- 9.3.4 released ---
2126. [security] Serialise validation of type ANY responses. [RT #16555]
2124. [security] It was possible to dereference a freed fetch
context. [RT #16584]
--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
More information about the Fedora-security-list
mailing list