Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1703-1] New bind9 packages fix cryptographic weakness (

From Florian Weimer@1:229/2 to All on Mon Jan 12 22:30:15 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1703-1 [email protected] http://www.debian.org/security/ Florian Weimer January 12, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : bind9
Vulnerability : interpretation conflict
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0025

It was discovered that BIND, an implementation of the DNS protocol
suite, does not properly check the result of an OpenSSL function which
is used to verify DSA cryptographic signatures. As a result,
incorrect DNS resource records in zones protected by DNSSEC could be
accepted as genuine.

For the stable distribution (etch), this problem has been fixed in
version 9.3.4-2etch4.

For the unstable distribution (sid) and the testing distribution
(lenny), this problem will be fixed soon.

We recommend that you upgrade your BIND packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4.dsc
Size/MD5 checksum: 1197 aa679c6e3106b422fa8de952556cc98e
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4.diff.gz
Size/MD5 checksum: 302859 12d089f391d6ac1a60e2a7b7b8c49f42
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4.orig.tar.gz
Size/MD5 checksum: 4043577 198181d47c58a0a9c0265862cd5557b0

Architecture independent packages:

http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.3.4-2etch4_all.deb
Size/MD5 checksum: 187564 d3609a90363331288018fcdbba29a047

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_alpha.deb
Size/MD5 checksum: 226154 9adec25147fa3f2c85cef36c75148335
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_alpha.deb
Size/MD5 checksum: 96576 8ca632cac9163decf3c3dd24a373cc1b
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_alpha.deb
Size/MD5 checksum: 112678 273ba2508722416d3a7090153922c01e
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_alpha.deb
Size/MD5 checksum: 98226 eef74b1024e184fcea8a09f3800cf544
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_alpha.deb
Size/MD5 checksum: 190164 7eac73aae4fabfcfec8e9ecdcde45ff5
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_alpha.deb
Size/MD5 checksum: 322348 a5a5ea6ddbfaab6c8aeaf247d1c95874
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_alpha.deb
Size/MD5 checksum: 116594 61d56b68f75ef2693169176efa07512e
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_alpha.deb
Size/MD5 checksum: 564948 2827fe2266733bd0439ec8a22f167f25
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_alpha.deb
Size/MD5 checksum: 115860 0bb76803abf4d4799c7d2a64cd0af449
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_alpha.deb
Size/MD5 checksum: 1407512 95c550a74d02dbe81886f33499e249cc
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_alpha.deb
Size/MD5 checksum: 188806 420104ba72fe220ae0e7eff269fc086d

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_amd64.deb
Size/MD5 checksum: 317636 d5841784354f118901f08f48a0e886e8
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_amd64.deb
Size/MD5 checksum: 96156 ce4d2168a261c296f6b60dc2c52a0ac0
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_amd64.deb
Size/MD5 checksum: 224438 460704b96b0b279f5f54346a02356f18
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_amd64.deb
Size/MD5 checksum: 190758 21f6b7f6dca59161cf1ba423b97a013e
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_amd64.deb
Size/MD5 checksum: 552562 4cdcf10ca2572737e63c6269e4d7ef6b
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_amd64.deb
Size/MD5 checksum: 117040 24dd657bb0b671a48fb1498948fdca41
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_amd64.deb
Size/MD5 checksum: 114878 02b9e3b075f638e91b92248e40f46cea
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_amd64.deb
Size/MD5 checksum: 1107812 587e9613589665f4ccecac2d1bb7c4e7
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_amd64.deb
Size/MD5 checksum: 187666 e359081c8f81d6380655bc563a844803
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_amd64.deb
Size/MD5 checksum: 96942 07f2b24d6f2815bb4fcad64a206d21b2
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_amd64.deb
Size/MD5 checksum: 111304 f85b9997f97e24dd1c972a6c25d3713f

arm architecture (ARM)

http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_arm.deb
Size/MD5 checksum: 95824 cd0dbfd76dc1a9a7ae66c3d17dd2c076
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_arm.deb
Size/MD5 checksum: 187430 4d066c4c8fda96616654f0e5c5f269d4
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_arm.deb
Size/MD5 checksum: 532276 f15132b68c23e3a2b7bcbb1d0c7e9e1c
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_arm.deb
Size/MD5 checksum: 116148 821abd04e8459db5bd026dce7c5007c8
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_arm.deb
Size/MD5 checksum: 112778 b0737de9602f9844b17f8c79c0c7bee9

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	151:30:21
Calls:	12,091
Calls today:	4
Files:	15,000
Messages:	6,517,607

[SECURITY] [DSA 1703-1] New bind9 packages fix cryptographic weakness (

Who's Online

Recent Visitors

System Info