Date:      Wed, 20 Jan 2010 06:36:01 GMT
From:      Andrei Lavreniyuk <andy.lavr@reactor-xg.kiev.ua>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/143000: [UPDATE] ports/dns/bind94
Message-ID:  <201001200636.o0K6a125008086@www.freebsd.org>
Resent-Message-ID: <201001200640.o0K6e76t047971@freefall.freebsd.org>

>Number:         143000
>Category:       ports
>Synopsis:       [UPDATE] ports/dns/bind94
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 20 06:40:07 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Andrei Lavreniyuk
>Release:        FreeBSD 8.0-STABLE
>Organization:
Technica-03, Inc.
>Environment:
FreeBSD datacenter.technica-03.local 8.0-STABLE FreeBSD 8.0-STABLE #0: Sat Jan  9 10:23:32 EET 2010     root@datacenter.technica-03.local:/usr/obj/usr/src/sys/SMP64  amd64
>Description:
 BIND 9.4.3-P5 is now available.

BIND 9.4.3-P5 is a SECURITY PATCH for BIND 9.4.3.  It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

        Bugs should be reported to bind9-bugs@isc.org.

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341.

Information about these vulnerabilities can be found at:

        https://www.isc.org/advisories/CVE-2009-4022v6
        https://www.isc.org/advisories/CVE-2010-0097

BIND 9.4.3-P5 can be downloaded from:

	ftp://ftp.isc.org/isc/bind9/9.4.3-P5/bind-9.4.3-P5.tar.gz

PGP signatures of the distribution are at:

	ftp://ftp.isc.org/isc/bind9/9.4.3-P5/bind-9.4.3-P5.tar.gz.asc
	ftp://ftp.isc.org/isc/bind9/9.4.3-P5/bind-9.4.3-P5.tar.gz.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.4.3-P5/bind-9.4.3-P5.tar.gz.sha512.asc

The signatures were generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp

A binary kit for Windows XP, Windows 2003 and Windows 2008 is at:

	ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.zip
	ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.debug.zip

PGP signatures of the binary kit are at:
	
	ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.zip.asc
	ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.zip.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.zip.sha512.asc
	ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.debug.zip.asc
	ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.debug.zip.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.4.3-P5/BIND9.4.3-P5.debug.zip.sha512.asc

Changes since 9.4.3-P4:

2831.	[security]	Do not attempt to validate or cache
			out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]

2828.	[security]	Cached CNAME or DNAME RR could be returned to clients
			without DNSSEC validation. [RT #20737]

2827.	[security]	Bogus NXDOMAIN could be cached as if valid. [RT #20712]


>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:



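Added example, not part of the original message and not BIND's code: a minimal sketch of the bailiwick rule behind change 2831, where records whose owner name lies outside the zone being queried are set aside for re-fetching instead of being cached. The zone `example.com`, the sample records and all function names are constructed for illustration, and the sketch performs no DNSSEC validation.

```python
# Added illustration of the bailiwick rule; not BIND source code.
# Zone name, records and function names are constructed for this example.

def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing root dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def in_bailiwick(owner, zone):
    """True if owner is the zone apex or below it, compared label by label."""
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def partition_response(zone, records):
    """Split (owner, rtype, rdata) tuples into (cacheable, must_refetch)."""
    cacheable, must_refetch = [], []
    for rec in records:
        (cacheable if in_bailiwick(rec[0], zone) else must_refetch).append(rec)
    return cacheable, must_refetch

# Constructed response from a server queried for the zone example.com.
ZONE = "example.com."
SAMPLE_RESPONSE = [
    ("www.example.com.", "CNAME", "host.example.net."),
    ("host.example.net.", "A", "192.0.2.10"),   # other zone: not cacheable from here
    ("WWW2.Example.COM", "A", "192.0.2.20"),    # case and trailing dot do not matter
    ("badexample.com.", "A", "192.0.2.66"),     # string suffix match, but not a subdomain
]

if __name__ == "__main__":
    keep, refetch = partition_response(ZONE, SAMPLE_RESPONSE)
    for rec in keep:
        print("cache candidate:", rec)
    for rec in refetch:
        print("re-fetch from its own zone:", rec)
```

Comparing whole labels rather than string suffixes is what keeps `badexample.com` from being treated as part of `example.com`.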