Nom du paquet
bind
Date
2009-12-03
Advisory ID
MDVSA-2009:313-1
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

Some vulnerabilities were discovered and corrected in bind:

Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5
before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3,
and 9.0.x through 9.3.x with DNSSEC validation enabled and checking
disabled (CD), allows remote attackers to conduct DNS cache poisoning
attacks via additional sections in a response sent for resolution
of a recursive client query, which is not properly handled when the
response is processed at the same time as requesting DNSSEC records
(DO). (CVE-2009-4022).

Additionally BIND has been upgraded to the latest point release or
closest supported version by ISC.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 9cd003fb37a121f79e78b1c14094b7db  2008.0/i586/bind-9.4.3-0.1mdv2008.0.i586.rpm
 7f07d510e3a8e1dfe311020bf86b599f  2008.0/i586/bind-devel-9.4.3-0.1mdv2008.0.i586.rpm
 fb8c5352c8a603bdd3f89e6051a2c48e  2008.0/i586/bind-utils-9.4.3-0.1mdv2008.0.i586.rpm 
 a82b381cd9675db308d95aee3fa5502f  2008.0/SRPMS/bind-9.4.3-0.1mdv2008.0.src.rpm

2008.0 x86_64

 1ac44bf21e8144fb7c4bf49b0c9e094f  2008.0/x86_64/bind-9.4.3-0.1mdv2008.0.x86_64.rpm
 2453e9625b1852561f6b6b6ebf17fdb2  2008.0/x86_64/bind-devel-9.4.3-0.1mdv2008.0.x86_64.rpm
 f8f5a39a4d1b33fef6a5441288fe0aa7  2008.0/x86_64/bind-utils-9.4.3-0.1mdv2008.0.x86_64.rpm 
 a82b381cd9675db308d95aee3fa5502f  2008.0/SRPMS/bind-9.4.3-0.1mdv2008.0.src.rpm

References