MDVSA-2009:313-1
- Package name
- bind
- Date
- 2009-12-03
- Advisory ID
- MDVSA-2009:313-1
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
Some vulnerabilities were discovered and corrected in bind:
Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5
before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3,
and 9.0.x through 9.3.x with DNSSEC validation enabled and checking
disabled (CD), allows remote attackers to conduct DNS cache poisoning
attacks via additional sections in a response sent for resolution
of a recursive client query, which is not properly handled when the
response is processed at the same time as requesting DNSSEC records
(DO). (CVE-2009-4022).
Additionally BIND has been upgraded to the latest point release or
closest supported version by ISC.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
Updated packages
2008.0 i586
9cd003fb37a121f79e78b1c14094b7db 2008.0/i586/bind-9.4.3-0.1mdv2008.0.i586.rpm 7f07d510e3a8e1dfe311020bf86b599f 2008.0/i586/bind-devel-9.4.3-0.1mdv2008.0.i586.rpm fb8c5352c8a603bdd3f89e6051a2c48e 2008.0/i586/bind-utils-9.4.3-0.1mdv2008.0.i586.rpm a82b381cd9675db308d95aee3fa5502f 2008.0/SRPMS/bind-9.4.3-0.1mdv2008.0.src.rpm
2008.0 x86_64
1ac44bf21e8144fb7c4bf49b0c9e094f 2008.0/x86_64/bind-9.4.3-0.1mdv2008.0.x86_64.rpm 2453e9625b1852561f6b6b6ebf17fdb2 2008.0/x86_64/bind-devel-9.4.3-0.1mdv2008.0.x86_64.rpm f8f5a39a4d1b33fef6a5441288fe0aa7 2008.0/x86_64/bind-utils-9.4.3-0.1mdv2008.0.x86_64.rpm a82b381cd9675db308d95aee3fa5502f 2008.0/SRPMS/bind-9.4.3-0.1mdv2008.0.src.rpm