ISC BIND 9.5.2-P2 is now available

Tue, 19 Jan 2010 09:37:50 -0800 

                     BIND 9.5.2-P2 is now available.

BIND 9.5.2-P2 is a SECURITY PATCH for BIND 9.5.2.  It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

        Bugs should be reported to bind9-b...@isc.org.

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341.

Information about these vulnerabilities can be found at:

        https://www.isc.org/advisories/CVE-2009-4022v6
        https://www.isc.org/advisories/CVE-2010-0097

BIND 9.5.2-P2 can be downloaded from:

        ftp://ftp.isc.org/isc/bind9/9.5.2-P2/bind-9.5.2-P2.tar.gz

PGP signatures of the distribution are at:

        ftp://ftp.isc.org/isc/bind9/9.5.2-P2/bind-9.5.2-P2.tar.gz.asc
        ftp://ftp.isc.org/isc/bind9/9.5.2-P2/bind-9.5.2-P2.tar.gz.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.5.2-P2/bind-9.5.2-P2.tar.gz.sha512.asc

The signatures were generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp

A binary kit for Windows XP, Windows 2003 and Windows 2008 is at:

        ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.zip
        ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.debug.zip

PGP signatures of the binary kit are at:
        
        ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.zip.asc
        ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.zip.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.zip.sha512.asc
        ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.debug.zip.asc
        ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.debug.zip.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.5.2-P2/BIND9.5.2-P2.debug.zip.sha512.asc

Changes since 9.5.2-P1:

2831.   [security]      Do not attempt to validate or cache
                        out-of-bailiwick data returned with a secure
                        answer; it must be re-fetched from its original
                        source and validated in that context. [RT #20819]

2828.   [security]      Cached CNAME or DNAME RR could be returned to clients
                        without DNSSEC validation. [RT #20737]

2827.   [security]      Bogus NXDOMAIN could be cached as if valid. [RT #20712]

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to