Please login or register.

Login with username, password and session length
Advanced search  


Visit our home page for VL info. For support and documentation, visit the Vector Linux Knowledge Center or search the Knowledge Center and this Forum using the search box above.

Author Topic: 090117 bind-9.4.3_p1 closes known security vulnerability [VL 5.9, VL 6.0]  (Read 2879 times)


  • Packager
  • Vectorian
  • ****
  • Posts: 2880
    • The Linux Works

Newly patched bind packages close a known security vulnerability for DNS servers running on VL 5.9, VL 5.9.1, and VL 6.0.  The bind package also provides the client utilities host, dig, and nslookup.

Severity: Low.


Return values from OpenSSL library functions EVP_VerifyFinal()
and DSA_do_verify() were not checked properly.


It is theoretically possible to spoof answers returned from
zones using the DNSKEY algorithms DSA (3) and NSEC3DSA (6).

More details can be found at:

It is also recommended that you upgrade to the new openssl packages.  A new bind package for VL 5.9 and VL 5.9.1 is now available the testing repository.  A new VL 6.0 package should follow shortly.
« Last Edit: January 17, 2009, 06:11:03 pm by caitlyn »
eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)

Toshiba Satellite A135-S4727,  Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950

HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1