ISC BIND 9.5.2-P2 is now available

Evan Hunt each at
Tue Jan 19 17:28:07 UTC 2010

	             BIND 9.5.2-P2 is now available.

BIND 9.5.2-P2 is a SECURITY PATCH for BIND 9.5.2.  It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

        Bugs should be reported to bind9-bugs at

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341.

Information about these vulnerabilities can be found at:

BIND 9.5.2-P2 can be downloaded from:

PGP signatures of the distribution are at:

The signatures were generated with the ISC public key, which is
available at

A binary kit for Windows XP, Windows 2003 and Windows 2008 is at:

PGP signatures of the binary kit are at:

Changes since 9.5.2-P1:

2831.	[security]	Do not attempt to validate or cache
			out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]

2828.	[security]	Cached CNAME or DNAME RR could be returned to clients
			without DNSSEC validation. [RT #20737]

2827.	[security]	Bogus NXDOMAIN could be cached as if valid. [RT #20712]

Evan Hunt -- each at
Internet Systems Consortium, Inc.

More information about the bind-workers mailing list