BIND 4.9.8-REL released

Paul A Vixie vixie at
Sat Jan 27 23:42:59 UTC 2001


As promised some years ago, BIND4 has been treated as dead code in favour
of (then) BIND8 and (now) BIND9.  However, also as promised, whenever a
particularly aggregious security flaw is uncovered in BIND4, a new release
will be made.

bind-4.9.8-REL differs in no functional way from bind-4.9.8-t1b.  However,
it will print a different version number (4.9.8-REL rather than 4.9.8-T1B)
when the server starts up.

MD5 (bind-4.9.8-REL.tar.gz) = 54af73af5b4988b23e774e6f2401625f
MD5 (bind-4.9.8-REL.tar.gz.asc) = 3f62c15fe64ecd840b8ada96d1f6ca62

817. [security] do not call syslog() with unbounded network data.

816. [port]     main() is an int.

815. [security] pull in several bind8 protocol handling fixes.

814. [support]  turn off XSTATS by default

813. [port]     add __printflink(), __scanflike() to compat/include/sys/cdefs.h

Disclaimer: BIND4 is dead code, and has a number of other security defects
besides those being fixed in 4.9.8, and should not be run on any name
server which is connected to the internet or connected to a private network
which has more than one user.  To the best of ISC's direct knowledge, there
are known root-level exploits in bind-4.9.8-REL.  However, BIND4 is generally
susceptible to a number of protocol-related "spoofing" attacks that BIND8 and
BIND9 are proof against.  And of course, DNS without DNSSEC will never be
fully proof against this kind of protocol-related "spoofing" attack.

You should be running BIND-9.1.0, or failing that, BIND-8.2.3.

See for more information about ISC and BIND.

Version: 2.6.2
Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface


More information about the bind-announce mailing list