November 26, 2009

Mandriva Linux Security Advisory 2009:304: bind

Some vulnerabilities were discovered and corrected in bind:

Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5
before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3,
and 9.0.x through 9.3.x with DNSSEC validation enabled and checking
disabled (CD), allows remote attackers to conduct DNS cache poisoning
attacks via additional sections in a response sent for resolution
of a recursive client query, which is not properly handled when the
response is processed at the same time as requesting DNSSEC records
(DO). (CVE-2009-4022).

Additionally BIND has been upgraded to the latest point release or
closest supported version by ISC.

Read More

Click Here!