Explore top 10 tips to secure your open-source projects now. Read More
×It was discovered that BIND, an implementation of the DNS protocol
suite, does not properly check the result of an OpenSSL function which
is used to verify DSA cryptographic signatures. As a result,
incorrect DNS resource records in zones protected by DNSSEC could be
accepted as genuine.
For the stable distribution (etch), this problem has been fixed in
version 9.3.4-2etch4.
For the unstable distribution (sid) and the testing distribution
(lenny), this problem will be fixed soon.
We recommend that you upgrade your BIND packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
...
Get the latest Linux and open source security news straight to your inbox.