From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1961-1                  [email protected]
http://www.debian.org/security/                           Florian Weimer
December 23, 2009                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : bind9
Vulnerability : DNS cache poisoning
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-4022
CERT advisory : VU#418861
Michael Sinatra discovered that the DNS resolver component in BIND
does not properly check DNS records contained in additional sections
of DNS responses, leading to a cache poisoning vulnerability. This
vulnerability is only present in resolvers which have been configured
with DNSSEC trust anchors, which is still rare.

Note that this update contains an internal ABI change, which means
that all BIND-related packages (bind9, dnsutils and the library
packages) must be updated at the same time (preferably using "apt-get
update" and "apt-get upgrade"). In the unlikely event that you have
compiled your own software against libdns, you must recompile these
programs, too.

For the old stable distribution (etch), this problem has been fixed in
version 9.3.4-2etch6.

For the stable distribution (lenny), this problem has been fixed in
version 9.5.1.dfsg.P3-1+lenny1.

For the unstable distribution (sid) and the testing distribution
(squeeze), this problem has been fixed in version 9.6.1.dfsg.P2-1.

We recommend that you upgrade your bind9 packages.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
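
The two conditions the advisory names (a configured DNSSEC trust anchor, and BIND packages that are not all at the fixed version) can be checked on a host as follows. This is an added example, not part of the advisory. It assumes trust anchors are declared with BIND's `trusted-keys` statement, that the package list comes from `dpkg-query -W`, and that lenny's packages are named like the etch ones; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the advisory. Fixed versions are those it states;
# the name pattern follows its etch package names (an assumption for lenny).
FIXED_ETCH='9.3.4-2etch6'
FIXED_LENNY='9.5.1.dfsg.P3-1+lenny1'
BIND_PKGS='^(bind9(-doc|-host)?|dnsutils|lwresd|libbind(9-[0-9]+|-dev)|libdns[0-9]+|libisc(cc|cfg)?[0-9]+|liblwres[0-9]+)$'

# has_trust_anchor FILE...: succeed if any named.conf-style file has a
# trusted-keys statement outside comments (include files are not followed).
has_trust_anchor() {
    awk '
    {
        line = $0
        while (line != "") {
            if (inblock) {                      # inside /* ... */
                i = index(line, "*/")
                if (i == 0) break
                line = substr(line, i + 2); inblock = 0
            } else if (match(line, /\/\*|\/\/|#/)) {
                text = text " " substr(line, 1, RSTART - 1)
                if (substr(line, RSTART, 2) != "/*") break   # line comment
                inblock = 1; line = substr(line, RSTART + 2)
            } else { text = text " " line; break }
        }
    }
    END { exit !(text ~ /(^|[ \t;}])trusted-keys[ \t]*[{]/) }' "$@"
}

# not_at_fixed FIXED: read "package version" lines (dpkg-query -W) on stdin,
# print BIND packages whose version (epoch stripped) is not FIXED; fail if any.
# Exact match only; an ordering test would use dpkg --compare-versions.
not_at_fixed() {
    awk -v fixed="$1" -v pat="$BIND_PKGS" '
    { name = $1; sub(/:.*/, "", name); v = $2; sub(/^[0-9]+:/, "", v) }
    name ~ pat && v != fixed { print $1, $2; bad = 1 }
    END { exit bad + 0 }'
}

# triage FIXED FILE...: one verdict from both checks (package list on stdin).
triage() {
    fixed=$1; shift
    if not_at_fixed "$fixed" >/dev/null; then echo ok
    elif has_trust_anchor "$@"; then echo exposed
    else echo unfixed-no-trust-anchor
    fi
}

# Usage: dpkg-query -W | sh this-script 9.5.1.dfsg.P3-1+lenny1 /etc/bind/named.conf*
if [ "$#" -ge 2 ]; then triage "$@"; fi
```

A package printed by `not_at_fixed` next to others at the fixed version is the partial upgrade the ABI note warns about.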
Debian GNU/Linux 4.0 alias etch
- -------------------------------
[continued in next message]