Thursday, July 30, 2009

Security Update: BIND

A patched BIND package has been released today on -Current along with ICS announcement about new releases of all current versions BIND 9 in response to CERT Vulnerability Note VU#725188.

Here's the latest -Current changelog:
Wed Jul 29 23:10:01 CDT 2009
n/bind-9.4.3_P3-i486-1.txz: Upgraded.
This BIND update fixes a security problem where a specially crafted dynamic update message packet will cause named to exit resulting in a denial of service.
An active remote exploit is in wide circulation at this time.
For more information, see:
(* Security fix *)