oss-sec mailing list archives
a new bind issue
From: Oden Eriksson <oeriksson () mandriva com>
Date: Tue, 24 Nov 2009 16:40:49 +0100
Hello. A new bind release is out there, it mentions: "It addresses a potential cache poisoning vulnerability, in which data in the additional section of a response could be cached without proper DNSSEC validation." "2772. [security] When validating, track whether pending data was from the additional section or not and only return it if validates as secure. [RT #20438]" A CVE should probably be assigned. -- Regards // Oden Eriksson Security team manager - Mandriva
Current thread:
- a new bind issue Oden Eriksson (Nov 24)
- Re: a new bind issue Josh Bressers (Nov 24)
- <Possible follow-ups>
- Re: a new bind issue Josh Bressers (Nov 24)
- Re: a new bind issue Steven M. Christey (Nov 24)
- Re: a new bind issue Josh Bressers (Nov 24)
- Re: a new bind issue Steven M. Christey (Nov 24)