===================================================================== CERT-Renater Note d'Information No. 2009/VULN111 _____________________________________________________________________ DATE : 24/03/2009 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running BIND versions 9.5.x, 9.4.x. ====================================================================== https://lists.isc.org/pipermail/bind-announce/2009-March/000588.html https://lists.isc.org/pipermail/bind-announce/2009-March/000589.html ______________________________________________________________________ BIND 9.5.1-P2 is now available. BIND 9.5.1-P2 is a SECURITY patch for BIND 9.5.1. It addresses a bug in DNSSEC lookaside validation (DLV): unrecognized signature algorithms, which should have been treated as the equivalent of an unsigned zone, were instead treated as a validation failure. Bugs should be reported to bind9-bugs@isc.org. BIND 9.5.1-P2 can be downloaded from ftp://ftp.isc.org/isc/bind9/9.5.1-P2/bind-9.5.1-P2.tar.gz The PGP signature of the distribution is at ftp://ftp.isc.org/isc/bind9/9.5.1-P2/bind-9.5.1-P2.tar.gz.asc ftp://ftp.isc.org/isc/bind9/9.5.1-P2/bind-9.5.1-P2.tar.gz.sha256.asc ftp://ftp.isc.org/isc/bind9/9.5.1-P2/bind-9.5.1-P2.tar.gz.sha512.asc The signature was generated with the ISC public key, which is available at . A binary kit for Windows XP, Windows 2003 and Windows 2008 is at ftp://ftp.isc.org/isc/bind9/9.5.1-P2/BIND9.5.1-P2.zip ftp://ftp.isc.org/isc/bind9/9.5.1-P2/BIND9.5.1-P2.debug.zip The PGP signature of the binary kit is at ftp://ftp.isc.org/isc/bind9/9.5.1-P2/BIND9.5.1-P2.zip.asc ftp://ftp.isc.org/isc/bind9/9.5.1-P2/BIND9.5.1-P2.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.5.1-P2/BIND9.5.1-P2.zip.sha512.asc ftp://ftp.isc.org/isc/bind9/9.5.1-P2/BIND9.5.1-P2.debug.zip.asc ftp://ftp.isc.org/isc/bind9/9.5.1-P2/BIND9.5.1-P2.debug.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.5.1-P2/BIND9.5.1-P2.debug.zip.sha512.asc Changes since 9.5.1-P1: --- 9.5.1-P2 released --- 2579. [bug] DNSSEC lookaside validation failed to handle unknown algorithms. [RT #19479] - -- Evan Hunt -- each@isc.org Internet Systems Consortium, Inc. _______________________________________________ _______________________________________________ BIND 9.4.3-P2 is now available. BIND 9.4.3-P2 is a SECURITY patch for BIND 9.4.3. It addresses a bug in DNSSEC lookaside validation (DLV): unrecognized signature algorithms, which should have been treated as the equivalent of an unsigned zone, were instead treated as a validation failure. Bugs should be reported to bind9-bugs@isc.org. BIND 9.4.3-P2 can be downloaded from ftp://ftp.isc.org/isc/bind9/9.4.3-P2/bind-9.4.3-P2.tar.gz The PGP signature of the distribution is at ftp://ftp.isc.org/isc/bind9/9.4.3-P2/bind-9.4.3-P2.tar.gz.asc ftp://ftp.isc.org/isc/bind9/9.4.3-P2/bind-9.4.3-P2.tar.gz.sha256.asc ftp://ftp.isc.org/isc/bind9/9.4.3-P2/bind-9.4.3-P2.tar.gz.sha512.asc The signature was generated with the ISC public key, which is available at . A binary kit for Windows XP, Windows 2003 and Windows 2008 is at ftp://ftp.isc.org/isc/bind9/9.4.3-P2/BIND9.4.3-P2.zip ftp://ftp.isc.org/isc/bind9/9.4.3-P2/BIND9.4.3-P2.debug.zip The PGP signature of the binary kit is at ftp://ftp.isc.org/isc/bind9/9.4.3-P2/BIND9.4.3-P2.zip.asc ftp://ftp.isc.org/isc/bind9/9.4.3-P2/BIND9.4.3-P2.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.4.3-P2/BIND9.4.3-P2.zip.sha512.asc ftp://ftp.isc.org/isc/bind9/9.4.3-P2/BIND9.4.3-P2.debug.zip.asc ftp://ftp.isc.org/isc/bind9/9.4.3-P2/BIND9.4.3-P2.debug.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.4.3-P2/BIND9.4.3-P2.debug.zip.sha512.asc Changes since 9.4.3-P1: --- 9.4.3-P2 released --- 2579. [bug] DNSSEC lookaside validation failed to handle unknown algorithms. [RT #19479] - -- Evan Hunt -- each@isc.org Internet Systems Consortium, Inc. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================