What Are You Looking For?

Sign Up

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  bind (SSA:2009-014-02)

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.

More details about this issue may be found here:
    https://www.ocert.org/advisories/ocert-2008-016.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025


Here are the details from the Slackware 12.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.4.3_P1-i486-1_slack12.2.tgz:
  Upgraded to bind-9.4.3-P1.
  Fixed checking on return values from OpenSSL's EVP_VerifyFinal and
  DSA_do_verify functions to prevent spoofing answers returned from zones using
  the DNSKEY algorithms DSA and NSEC3DSA.
  For more information, see:
        https://www.ocert.org/advisories/ocert-2008-016.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on https://slackware.com for
additional mirror sites near you.

Updated package for Slackware 8.1:

Updated package for Slackware 9.0:

Updated package for Slackware 9.1:

Updated package for Slackware 10.0:

Updated package for Slackware 10.1:

Updated package for Slackware 10.2:

Updated package for Slackware 11.0:

Updated package for Slackware 12.0:

Updated package for Slackware 12.1:

Updated package for Slackware 12.2:

Updated package for Slackware -current:


MD5 signatures:
+-------------+

Slackware 8.1 package:
edd05026b26456ab9d289859938bb814  bind-9.3.6_P1-i386-1_slack8.1.tgz

Slackware 9.0 package:
10231e7f1897922da941a279eb21760d  bind-9.3.6_P1-i386-1_slack9.0.tgz

Slackware 9.1 package:
ce87f93cfd8318cabf0d4e5352a565f0  bind-9.3.6_P1-i486-1_slack9.1.tgz

Slackware 10.0 package:
d7fe61dabf0cdf0c9fcf6abf29678a8f  bind-9.3.6_P1-i486-1_slack10.0.tgz

Slackware 10.1 package:
88969b8ecd35ed1a3c08d4e6272fab60  bind-9.3.6_P1-i486-1_slack10.1.tgz

Slackware 10.2 package:
098df4ea59e7b90c52fe120be3725290  bind-9.3.6_P1-i486-1_slack10.2.tgz

Slackware 11.0 package:
4873a024a185646d814bbd4b0f451a9b  bind-9.3.6_P1-i486-1_slack11.0.tgz

Slackware 12.0 package:
ae63659f57ac78a22213bb1f8ab9c616  bind-9.4.3_P1-i486-1_slack12.0.tgz

Slackware 12.1 package:
5a8618e93640b56f20a59eee0cb39d49  bind-9.4.3_P1-i486-1_slack12.1.tgz

Slackware 12.2 package:
41f9d674367df3a3726c82e58e0de149  bind-9.4.3_P1-i486-1_slack12.2.tgz

Slackware -current package:
d33c44d4b62e4f6eb0ae4ab8b137064c  bind-9.4.3_P1-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg bind-9.4.3_P1-i486-1_slack12.2.tgz


+-----+

Slackware: 2009-014-02: bind Security Update

January 15, 2009
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue

Summary

Here are the details from the Slackware 12.2 ChangeLog: patches/packages/bind-9.4.3_P1-i486-1_slack12.2.tgz: Upgraded to bind-9.4.3-P1. Fixed checking on return values from OpenSSL's EVP_VerifyFinal and DSA_do_verify functions to prevent spoofing answers returned from zones using the DNSKEY algorithms DSA and NSEC3DSA. For more information, see: https://www.ocert.org/advisories/ocert-2008-016.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025 (* Security fix *)

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on https://slackware.com for additional mirror sites near you.
Updated package for Slackware 8.1:
Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware 10.2:
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware 12.2:
Updated package for Slackware -current:

MD5 Signatures

Slackware 8.1 package: edd05026b26456ab9d289859938bb814 bind-9.3.6_P1-i386-1_slack8.1.tgz
Slackware 9.0 package: 10231e7f1897922da941a279eb21760d bind-9.3.6_P1-i386-1_slack9.0.tgz
Slackware 9.1 package: ce87f93cfd8318cabf0d4e5352a565f0 bind-9.3.6_P1-i486-1_slack9.1.tgz
Slackware 10.0 package: d7fe61dabf0cdf0c9fcf6abf29678a8f bind-9.3.6_P1-i486-1_slack10.0.tgz
Slackware 10.1 package: 88969b8ecd35ed1a3c08d4e6272fab60 bind-9.3.6_P1-i486-1_slack10.1.tgz
Slackware 10.2 package: 098df4ea59e7b90c52fe120be3725290 bind-9.3.6_P1-i486-1_slack10.2.tgz
Slackware 11.0 package: 4873a024a185646d814bbd4b0f451a9b bind-9.3.6_P1-i486-1_slack11.0.tgz
Slackware 12.0 package: ae63659f57ac78a22213bb1f8ab9c616 bind-9.4.3_P1-i486-1_slack12.0.tgz
Slackware 12.1 package: 5a8618e93640b56f20a59eee0cb39d49 bind-9.4.3_P1-i486-1_slack12.1.tgz
Slackware 12.2 package: 41f9d674367df3a3726c82e58e0de149 bind-9.4.3_P1-i486-1_slack12.2.tgz
Slackware -current package: d33c44d4b62e4f6eb0ae4ab8b137064c bind-9.4.3_P1-i486-1.tgz

Severity
[slackware-security] bind (SSA:2009-014-02)
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.
More details about this issue may be found here: https://www.ocert.org/advisories/ocert-2008-016.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg bind-9.4.3_P1-i486-1_slack12.2.tgz

Related News

691 Malicious npm Packages and 49 PyPI Components Containing Crypto-Miners, Remote Access Trojans Discovered

Feb 22, 2023

Researchers Uncover 700+ Malicious Open Source Packages

Feb 22, 2023

News

Advisories

HOWTOs

Features

A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug
Cyber Law in the Realm of Open-Source Software Security

About Us

Powered By

Footer Logo