BIND 9.5.2-P1 is now available.
BIND 9.5.2-P1 is a SECURITY PATCH for BIND 9.5.2. It addresses a
potential cache poisoning vulnerability, in which data in the additional
section of a response could be cached without proper DNSSEC validation.
Bugs should be reported to bind9-b...@isc.org.
BIND 9.5.2-P1 can be downloaded from:
ftp://ftp.isc.org/isc/bind9/9.5.2-P1/bind-9.5.2-P1.tar.gz
PGP signatures of the distribution are at:
ftp://ftp.isc.org/isc/bind9/9.5.2-P1/bind-9.5.2-P1.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.5.2-P1/bind-9.5.2-P1.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.2-P1/bind-9.5.2-P1.tar.gz.sha512.asc
The signatures were generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp
A binary kit for Windows XP, Windows 2003 and Windows 2008 is at:
ftp://ftp.isc.org/isc/bind9/9.5.2-P1/BIND9.5.2-P1.zip
ftp://ftp.isc.org/isc/bind9/9.5.2-P1/BIND9.5.2-P1.debug.zip
PGP signatures of the binary kit are at:
ftp://ftp.isc.org/isc/bind9/9.5.2-P1/BIND9.5.2-P1.zip.asc
ftp://ftp.isc.org/isc/bind9/9.5.2-P1/BIND9.5.2-P1.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.2-P1/BIND9.5.2-P1.zip.sha512.asc
ftp://ftp.isc.org/isc/bind9/9.5.2-P1/BIND9.5.2-P1.debug.zip.asc
ftp://ftp.isc.org/isc/bind9/9.5.2-P1/BIND9.5.2-P1.debug.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.2-P1/BIND9.5.2-P1.debug.zip.sha512.asc
Changes since 9.5.2:
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
