BIND 8.2.7 Release

Mark_Andrews at isc.org
Sun Nov 17 05:58:00 UTC 2002


			BIND 8.2.7 Release

BIND 8.2.7 is a security release.  BIND 8.3.4 and BIND 4.9.11 are being
released simultaneously.

The recommended version to use is BIND 9.2.1.  If for whatever reason you
must run BIND 8, use nothing earlier than 8.2.7-REL, 8.3.4-REL.  Do not
under any circumstances run BIND 4.

'named' is *not* vulnerable to this security problem.

Highlights vs. 8.2.7
        Security Fix DoS and buffer overrun.

Highlights vs. 8.2.5
        Security Fix libbind.  All applications linked against libbind
        need to be relinked.

the distribution files are:

ftp://ftp.isc.org/isc/bind/src/8.2.7/bind-src.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.2.7/bind-doc.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.2.7/bind-contrib.tar.gz

the pgp signature files are:

ftp://ftp.isc.org/isc/bind/src/8.2.7/bind-src.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.2.7/bind-doc.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.2.7/bind-contrib.tar.gz.asc

the md5 checksums are:

MD5 (bind-contrib.tar.gz) = 2431acad9433d7c0442843eb79ac7708
MD5 (bind-contrib.tar.gz.asc) = aa19a16ad09d53d3111dd973a8f71fda
MD5 (bind-doc.tar.gz) = 3761a6501d65b3dbb11ac30b796b23a2
MD5 (bind-doc.tar.gz.asc) = 3aa77127d4dcb69b809ed059f64486c8
MD5 (bind-src.tar.gz) = 88590b3d4b7ea83728d36d3f0c7eeaf2
MD5 (bind-src.tar.gz.asc) = c01994454d71183a550b12064193e6df

Windows NT / Windows 2000 binary distribution.

	Not Available.  Upgrade to BIND 8.3.4 or BIND 9.2.1.

top of CHANGES says:

        --- 8.2.7-REL released --- (Fri Nov 15 00:55:19 PST 2002)

1469.   [bug]           buffer length calculation for PX was wrong.

1468.   [bug]           ns_name_ntol() could overwrite a zero length buffer.

1466.   [bug]           large EDNS UDP buffer size could trigger an assertion.

1465.   [bug]           possible NULL pointer dereference in db_sec.c

1464.   [bug]           the buffer used to construct the -ve record was not
                        big enough for all possible SOA records.  use pointer
                        arithmetic to calculate the remaining size in this
                        buffer.

1463.   [bug]           use serial space arithmetic to determine if a SIG is
                        too old, in the future or has internally consistent
                        times.

1462.   [bug]           write buffer overflow in make_rr().

1345.   [port]          64k answer buffers were causing stack space to be
                        exceeded for certain OS.  Use heap space instead.

1300.   [bug]           read buffer overflows.

        --- 8.2.6-REL released --- (Wed Jun 26 21:15:43 PDT 2002)
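
Entry 1463 above relies on serial space arithmetic for SIG times. The following C is an added example, not BIND's code: it assumes the RFC 1982 comparison rule applied to the 32-bit SIG inception and expiration fields, and every function name and timestamp in it is constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not BIND source. All names and timestamps are constructed. */
enum sig_status { SIG_OK, SIG_INCONSISTENT, SIG_NOT_YET_VALID, SIG_EXPIRED };

/* RFC 1982: a precedes b when b is 1..2^31-1 steps ahead of a, modulo 2^32. */
static int serial_lt(uint32_t a, uint32_t b)
{
    return a != b && (uint32_t)(b - a) < 0x80000000u;
}

/* Classify a SIG's inception/expiration pair against the current time. */
static enum sig_status sig_check_times(uint32_t inception, uint32_t expiration,
                                       uint32_t now)
{
    if (serial_lt(expiration, inception))
        return SIG_INCONSISTENT;      /* expires before it begins */
    if (serial_lt(now, inception))
        return SIG_NOT_YET_VALID;     /* inception is in the future */
    if (serial_lt(expiration, now))
        return SIG_EXPIRED;           /* too old */
    return SIG_OK;
}

/* Plain unsigned comparison, for contrast: wrong once time wraps past 2^32. */
static int naive_valid(uint32_t inception, uint32_t expiration, uint32_t now)
{
    return inception <= now && now <= expiration;
}

int main(void)
{
    /* Constructed case: the validity window straddles the 32-bit wrap. */
    uint32_t inc = 0xFFFFFF00u, expi = 0x00000100u, now = 0x00000010u;

    printf("wrap window: serial=%s naive=%s\n",
           sig_check_times(inc, expi, now) == SIG_OK ? "valid" : "rejected",
           naive_valid(inc, expi, now) ? "valid" : "rejected");

    /* Constructed case: inception and expiration swapped. */
    printf("swapped times: status=%d (SIG_INCONSISTENT=%d)\n",
           sig_check_times(1039592000u, 1037000000u, 1037512680u),
           SIG_INCONSISTENT);
    return 0;
}
```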


