Date: Tue, 24 Nov 2009 16:40:49 +0100 From: Oden Eriksson <oeriksson@...driva.com> To: oss-security@...ts.openwall.com Subject: a new bind issue Hello. A new bind release is out there, it mentions: "It addresses a potential cache poisoning vulnerability, in which data in the additional section of a response could be cached without proper DNSSEC validation." "2772. [security] When validating, track whether pending data was from the additional section or not and only return it if validates as secure. [RT #20438]" A CVE should probably be assigned. -- Regards // Oden Eriksson Security team manager - Mandriva
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.