BIND 9.4.3-P1 is now available

Rob_Austein at isc.org Rob_Austein at isc.org
Wed Jan 7 19:23:20 UTC 2009


		BIND 9.4.3-P1 is now available.

BIND 9.4.3-P1 is a SECURITY patch for BIND 9.4.3.  It addresses a bug
in which return values from some OpenSSL functions were left unchecked,
making it theoretically possible to spoof answers from some signed
zones.

	Bugs should be reported to bind9-bugs at isc.org.

BIND 9.4.3-P1 can be downloaded from

	ftp://ftp.isc.org/isc/bind9/9.4.3-P1/bind-9.4.3-P1.tar.gz

The PGP signature of the distribution is at

	ftp://ftp.isc.org/isc/bind9/9.4.3-P1/bind-9.4.3-P1.tar.gz.asc
	ftp://ftp.isc.org/isc/bind9/9.4.3-P1/bind-9.4.3-P1.tar.gz.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.4.3-P1/bind-9.4.3-P1.tar.gz.sha512.asc

The signature was generated with the ISC public key, which is
available at <http://www.isc.org/ISC/isckey.txt>.

A binary kit for Windows XP and Window 2003 is at

	ftp://ftp.isc.org/isc/bind9/9.4.3-P1/BIND9.4.3-P1.zip
	ftp://ftp.isc.org/isc/bind9/9.4.3-P1/BIND9.4.3-P1.debug.zip

The PGP signature of the binary kit for Windows XP and Window 2003 is at
	
	ftp://ftp.isc.org/isc/bind9/9.4.3-P1/BIND9.4.3-P1.zip.asc
	ftp://ftp.isc.org/isc/bind9/9.4.3-P1/BIND9.4.3-P1.zip.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.4.3-P1/BIND9.4.3-P1.zip.sha512.asc
	ftp://ftp.isc.org/isc/bind9/9.4.3-P1/BIND9.4.3-P1.debug.zip.asc
	ftp://ftp.isc.org/isc/bind9/9.4.3-P1/BIND9.4.3-P1.debug.zip.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.4.3-P1/BIND9.4.3-P1.debug.zip.sha512.asc

Changes since 9.4.3:

2522.	[security]	Handle -1 from DSA_do_verify().

2498.	[bug]		Removed a bogus function argument used with
			ISC_SOCKET_USE_POLLWATCH: it could cause compiler
			warning or crash named with the debug 1 level
			of logging. [RT #18917]




More information about the bind-announce mailing list