April 19, 2015, 07:16:07 am *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Visit our home page for VL info. To search the old message board go to The first VL forum is temporarily offline until we can find a host for it. Thanks for your patience.
Now powered by KnowledgeDex.
   Home   Help Search Login Register  
Please support VectorLinux!
Pages: [1]
Author Topic: 090117 bind-9.4.3_p1 closes known security vulnerability [VL 5.9, VL 6.0]  (Read 2654 times)
Posts: 2876

« on: January 17, 2009, 05:41:37 pm »

Newly patched bind packages close a known security vulnerability for DNS servers running on VL 5.9, VL 5.9.1, and VL 6.0.  The bind package also provides the client utilities host, dig, and nslookup.

Severity: Low.


Return values from OpenSSL library functions EVP_VerifyFinal()
and DSA_do_verify() were not checked properly.


It is theoretically possible to spoof answers returned from
zones using the DNSKEY algorithms DSA (3) and NSEC3DSA (6).

More details can be found at:

It is also recommended that you upgrade to the new openssl packages.  A new bind package for VL 5.9 and VL 5.9.1 is now available the testing repository.  A new VL 6.0 package should follow shortly.
« Last Edit: January 17, 2009, 06:11:03 pm by caitlyn » Logged

eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)

Toshiba Satellite A135-S4727,  Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950

HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1
Pages: [1]
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!