BIND 9.5.2-P4 is now available.

Mark Andrews marka at isc.org
Thu May 20 03:43:06 UTC 2010 

	             BIND 9.5.2-P4 is now available.

BIND 9.5.2-P4 is a recommended patch for BIND 9.5.  It addresses
a bug introduced in BIND 9.5.2-P3 and is recommend for anyone running
BIND 9.5.2-P3.

        Bugs should be reported to bind9-bugs at isc.org.

BIND 9.5.2-P4 can be downloaded from:

	ftp://ftp.isc.org/isc/bind9/9.5.2-P4/bind-9.5.2-P4.tar.gz

PGP signatures of the distribution are at:

	ftp://ftp.isc.org/isc/bind9/9.5.2-P4/bind-9.5.2-P4.tar.gz.asc
	ftp://ftp.isc.org/isc/bind9/9.5.2-P4/bind-9.5.2-P4.tar.gz.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.5.2-P4/bind-9.5.2-P4.tar.gz.sha512.asc

The signatures were generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp

A binary kit for Windows XP, Windows 2003 and Windows 2008 is at:

	ftp://ftp.isc.org/isc/bind9/9.5.2-P4/BIND9.5.2-P4.zip
	ftp://ftp.isc.org/isc/bind9/9.5.2-P4/BIND9.5.2-P4.debug.zip

PGP signatures of the binary kit are at:
	
	ftp://ftp.isc.org/isc/bind9/9.5.2-P4/BIND9.5.2-P4.zip.asc
	ftp://ftp.isc.org/isc/bind9/9.5.2-P4/BIND9.5.2-P4.zip.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.5.2-P4/BIND9.5.2-P4.zip.sha512.asc
	ftp://ftp.isc.org/isc/bind9/9.5.2-P4/BIND9.5.2-P4.debug.zip.asc
	ftp://ftp.isc.org/isc/bind9/9.5.2-P4/BIND9.5.2-P4.debug.zip.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.5.2-P4/BIND9.5.2-P4.debug.zip.sha512.asc

Changes since 9.5.2:

	--- 9.5.2-P4 released ---

2876.	[bug]		Named could return SERVFAIL for negative responses
			from unsigned zones. [RT #21131]

	--- 9.5.2-P3 released ---

2852.	[bug]		Handle broken DNSSEC trust chains better. [RT #15619]

	--- 9.5.2-P2 released ---

2831.	[security]	Do not attempt to validate or cache
			out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]

2828.	[security]	Cached CNAME or DNAME RR could be returned to clients
			without DNSSEC validation. [RT #20737]

2827.	[security]	Bogus NXDOMAIN could be cached as if valid. [RT #20712]

	--- 9.5.2-P1 released ---

2772.	[security]	When validating, track whether pending data was from
			the additional section or not and only return it if
			validates as secure. [RT #20438]

	--- 9.5.2 released ---
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:	+61 2 9871 4742		         INTERNET: marka at isc.org

More information about the bind-users mailing list