Thursday, July 10, 2008

Security Updates: Firefox, Seamonkey, Bind

Three security updates and one updated package has gone through -Stable and -Current. Bind and Seamonkey goes to -Current along with updated Pidgin package to make it work again with ICQ protocol which has been changed recently, while Firefox is also added in -Stable tree, because in -Current, Firefox 3 has been included to replace Firefox 2. Here's the latest -Current changelog:
Wed Jul 9 20:48:22 CDT 2008
Upgraded to bind-9.4.2-P1.
This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache Poisoning Issue. This is the summary of the problem from the BIND site: "A weakness in the DNS protocol may enable the poisoning of caching recurive resolvers with spoofed data. DNSSEC is the only full solution. New versions of BIND provide increased resilience to the attack." It is suggested that sites that run BIND upgrade to one of the new packages in order to reduce their exposure to DNS cache poisoning attacks.
For more information, see:
(* Security fix *)

xap/pidgin-2.4.3-i486-1.tgz: Upgraded to pidgin-2.4.3.
This updates pidgin to work with the changed ICQ protocol.

Upgraded to seamonkey-1.1.10.
This release closes several possible security vulnerabilities and bugs.
For more information, see:
(* Security fix *)