BIND 9.3.6-P1 is now available
Rob_Austein at isc.org
Rob_Austein at isc.org
Wed Jan 7 19:25:11 UTC 2009
BIND 9.3.6-P1 is now available.
BIND 9.3.6-P1 is a SECURITY patch for BIND 9.3.6. It addresses a bug
in which return values from some OpenSSL functions were left unchecked,
making it theoretically possible to spoof answers from some signed
zones.
Bugs should be reported to bind9-bugs at isc.org.
BIND 9.3.6-P1 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.3.6-P1/bind-9.3.6-P1.tar.gz
The PGP signature of the distribution is at
ftp://ftp.isc.org/isc/bind9/9.3.6-P1/bind-9.3.6-P1.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.3.6-P1/bind-9.3.6-P1.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.3.6-P1/bind-9.3.6-P1.tar.gz.sha512.asc
The signature was generated with the ISC public key, which is
available at <http://www.isc.org/ISC/isckey.txt>.
A binary kit for Windows XP and Window 2003 is at
ftp://ftp.isc.org/isc/bind9/9.3.6-P1/BIND9.3.6-P1.zip
ftp://ftp.isc.org/isc/bind9/9.3.6-P1/BIND9.3.6-P1.debug.zip
The PGP signature of the binary kit for Windows XP and Window 2003 is at
ftp://ftp.isc.org/isc/bind9/9.3.6-P1/BIND9.3.6-P1.zip.asc
ftp://ftp.isc.org/isc/bind9/9.3.6-P1/BIND9.3.6-P1.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.3.6-P1/BIND9.3.6-P1.zip.sha512.asc
ftp://ftp.isc.org/isc/bind9/9.3.6-P1/BIND9.3.6-P1.debug.zip.asc
ftp://ftp.isc.org/isc/bind9/9.3.6-P1/BIND9.3.6-P1.debug.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.3.6-P1/BIND9.3.6-P1.debug.zip.sha512.asc
Changes since 9.3.6:
2522. [security] Handle -1 from DSA_do_verify().
2498. [bug] Removed a bogus function argument used with
ISC_SOCKET_USE_POLLWATCH: it could cause compiler
warning or crash named with the debug 1 level
of logging. [RT #18917]
More information about the bind-announce
mailing list