Date: Tue, 24 Nov 2009 13:40:10 -0500 (EST) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: a new bind issue CVE-2009-4022 Bind versions 9.0.x, 9.1.x, 9.2.x, 9.3.x, 9.4.0 before 9.4.3-P3, 9.5.0, 9.5.1, 9.5.2, 9.6.0, 9.6.1-P1 References: https://www.isc.org/node/504 http://www.kb.cert.org/vuls/id/418861 https://bugzilla.redhat.com/show_bug.cgi?id=538744 Thanks. -- JB ----- "Oden Eriksson" <oeriksson@...driva.com> wrote: > Hello. > > A new bind release is out there, it mentions: > > "It addresses a potential cache poisoning vulnerability, in which data > in the > additional section of a response could be cached without proper DNSSEC > > validation." > > "2772. [security] When validating, track whether pending data > was from > the additional section or not and only return > it if > validates as secure. [RT #20438]" > > > A CVE should probably be assigned. > > > -- > Regards // Oden Eriksson > Security team manager - Mandriva
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.