current-users: [Security Fix] BIND Remote DoS

Subject: [Security Fix] BIND Remote DoS
To: netbsd current <current-users@netbsd.org>
From: Adrian Portelli <adrianp@NetBSD.org>
List: current-users
Date: 07/01/2007 16:20:03

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On the 30th March 2007 BIND 9.4.0 was imported into HEAD. On the
1st May 2007 the NetBSD Security Officer team became aware of a
security issue in the version imported into HEAD.

The original advisory for this issue can be found at:

 http://www.kb.cert.org/vuls/id/718460

The relevant CVE entry is CVE-2007-2241.

This vulnerability does not exist in the NetBSD 2.x, 3.x or 4.x code
bases. However, NetBSD-current was found to be vulnerable to this issue.

This issue was fixed in the NetBSD CVS tree on the 1st May 2007.
Users currently running NetBSD-current from sources before 1st May 2007,
and are running BIND, are advised to update their sources.

Users running with sources from after 1st May 2007 will have the updated
BIND 9.4.1 which includes a fix for this issue.

Thanks To
=========

Christos Zoulas for the update to 9.4.1 in NetBSD-current.

On behalf of security-officer@,

adrian.
-----BEGIN PGP SIGNATURE-----

iD8DBQFGh8YGLc2rR0mnFJ8RAuhvAKDZ1LxDFix25MHowO0LFFWSy7o9CgCgpzp8
LkI+KMwNCX6DRFNU7xyvP5U=
=fMl7
-----END PGP SIGNATURE-----