Subject: [Security Fix] BIND Remote DoS
To: netbsd current <firstname.lastname@example.org>
From: Adrian Portelli <adrianp@NetBSD.org>
Date: 07/01/2007 16:20:03
-----BEGIN PGP SIGNED MESSAGE-----
On the 30th March 2007 BIND 9.4.0 was imported into HEAD. On the
1st May 2007 the NetBSD Security Officer team became aware of a
security issue in the version imported into HEAD.
The original advisory for this issue can be found at:
The relevant CVE entry is CVE-2007-2241.
This vulnerability does not exist in the NetBSD 2.x, 3.x or 4.x code
bases. However, NetBSD-current was found to be vulnerable to this issue.
This issue was fixed in the NetBSD CVS tree on the 1st May 2007.
Users currently running NetBSD-current from sources before 1st May 2007,
and are running BIND, are advised to update their sources.
Users running with sources from after 1st May 2007 will have the updated
BIND 9.4.1 which includes a fix for this issue.
Christos Zoulas for the update to 9.4.1 in NetBSD-current.
On behalf of security-officer@,
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----