BIND 9.8.0-P1 is now available for download

Larissa Shapiro larissas at isc.org
Fri May 6 16:25:21 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


BIND 9.8.0-P1 is now available for download.

This release fixes one security related issue. The full up to date
advisory regarding this issue is available at:
https://www.isc.org/CVE-2011-1907. A text version of the advisory will
be provided for ease of use, but this advisory may be updated. The url
will have the up to date version.

This release, and its OpenPGP-signatures are available now from:

ftp://ftp.isc.org/isc/bind9/9.8.0-P1/bind-9.8.0-P1.tar.gz
ftp://ftp.isc.org/isc/bind9/9.8.0-P1/bind-9.8.0-P1.tar.gz.sha512.asc
ftp://ftp.isc.org/isc/bind9/9.8.0-P1/bind-9.8.0-P1.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.8.0-P1/bind-9.8.0-P1.tar.gz.sha1.asc

ISC's Release Signing Key can be obtained at:

http://www.isc.org/about/openpgp/

BIND 9.8.0-P1 Release Notes:

Introduction

BIND 9.8.0-P1 is security patch for BIND 9.8.0.

Please see the CHANGES file in the source code release for a complete
list of all changes.

Download

The latest development versions of BIND 9 software can always be found
on our web site at http://www.isc.org/downloads/development. There you
will find additional information about each release, source code, and
some pre-compiled versions for certain operating systems.

Support

Product support information is available on
http://www.isc.org/services/support for paid support options. Free
support is provided by our user community via a mailing list.
Information on all public email lists is available at
https://lists.isc.org/mailman/listinfo.

Security Fixes

9.8.0-P1

* BIND 9.8.0 introduced Response Policy Zones (RPZ), a mechanism for
modifying DNS responses returned by a recursive server according to
a set of rules which are either defined locally or imported from a
reputation provider.
In typical configurations, RPZ is used to force negative (NXDOMAIN)
responses for untrusted names. However, it can also be used to
replace the answer for a given query, returning a positive response
defined by local policy.
In BIND 9.8.0, when an RPZ was configured to replace the answer
RRset for a given name, a query of type RRSIG for that name could
trigger an assertion failure and cause the name server process to
exit. [RT #24280] [CVE-2011-1907]

Known issues in this release

* None.

Thank You

Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
http://www.isc.org/supportisc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNxCDxAAoJEBOIp87tasiU87AH/RJ5hcSeloDQ4TLJtoFrP3zl
SFQSc9YwqL++0JsrmTkkBoamlkrH+qshSDerOQgCpPIdouzEnrdxg/44eEeyIzzk
8sg/kzgoWhGY5k8qpj4Ncx9fiqZpbdNZbB2IP8QjvH685hLDP/pWK/wGioEQs7Og
pOQ7FOW7LF1Ed9gdzg7v5AT9z+VvaqTfdux2NGS4jSjrDvCNmljBhG9y1ah/oKaE
USSJHIv+lBw7Gs36rJB/01rWV+SRZfR/rWmtNqUidwnzv0woD4Qf0b33oQdu2av5
cpr0hozAQivW8bcdICzZqxEDUefvv/RBJJUZAEEalBDcN8y7xaNvLGCUK/1qSSw=
=N+sg
-----END PGP SIGNATURE-----




More information about the bind-workers mailing list