Home » 2009 » December » 24 » [SECURITY] [DSA 1961-1] New bind9 packages fix cache poisoning
1:48 PM
[SECURITY] [DSA 1961-1] New bind9 packages fix cache poisoning
Hash: SHA1

- ------------------------------
------------------------------------------
Debian Security Advisory DSA-1961-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
December 23, 2009                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : bind9
Vulnerability  : DNS cache poisoning
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-4022
CERT advisory  : VU#418861

Michael Sinatra discovered that the DNS resolver component in BIND
does not properly check DNS records contained in additional sections
of DNS responses, leading to a cache poisoning vulnerability.  This
vulnerability is only present in resolvers which have been configured
with DNSSEC trust anchors, which is still rare.

Note that this update contains an internal ABI change, which means
that all BIND-related packages (bind9, dnsutils and the library
packages) must be updated at the same time (preferably using "apt-get
update" and "apt-get upgrade").  In the unlikely event that you have
compiled your own software against libdns, you must recompile this
programs, too.

For the old stable distribution (etch), this problem has been fixed in
version 9.3.4-2etch6.

For the stable distribution (lenny), this problem has been fixed in
version 9.5.1.dfsg.P3-1+lenny1.

For the unstable distribution (sid) and the testing distribution
(squeeze), this problem has been fixed in version 9.6.1.dfsg.P2-1.

We recommend that you upgrade your bind9 packages.

Upgrade instructions
- --------------------

wget url
       will fetch the file for you
dpkg -i file.deb
       will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
       will update the internal database
apt-get upgrade
       will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Views: 406 | Added by: b1zz4rd | Rating: 0.0/0
Total comments: 0
Name *:
Email *:
Code *: