2 replies to this topic

[AplusWebMaster]

FYI...

- http://isc.sans.org/...ml?storyid=3187
Last Updated: 2007-07-25 03:08:02 UTC
"The Internet Systems Consortium has announced updates to BIND that address CVE-2007-2926.
From their announcements:
BIND 9.4.1-P1 can be downloaded from

> http://nvd.nist.gov/...e=CVE-2007-2925
ftp://ftp.isc.org/isc/bind9/9.4.1-P1/bind-9.4.1-P1.tar.gz
The PGP signature of the distribution is at
ftp://ftp.isc.org/isc/bind9/9.4.1-P1/bind...1-P1.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.4.1-P1/bind...r.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.4.1-P1/bind...r.gz.sha512.asc

BIND 9.3.4-P1 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.3.4-P1/bind-9.3.4-P1.tar.gz
The PGP signature of the distribution is at
ftp://ftp.isc.org/isc/bind9/9.3.4-P1/bind...4-P1.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.3.4-P1/bind...r.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.3.4-P1/bind...r.gz.sha512.asc

BIND 9.2.8-P1 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.2.8-P1/bind-9.2.8-P1.tar.gz
The PGP signature of the distribution is at
ftp://ftp.isc.org/isc/bind9/9.2.8-P1/bind...8-P1.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.2.8-P1/bind...r.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.2.8-P1/bind...r.gz.sha512.asc

BIND 9.5.0a6 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.5.0a6/bind-9.5.0a6.tar.gz
The PGP signature of the distribution is at
ftp://ftp.isc.org/isc/bind9/9.5.0a6/bind-9.5.0a6.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.5.0a6/bind-...r.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.0a6/bind-...r.gz.sha512.asc
These signatures were generated with the ISC public key, which is
available at < http://www.isc.org/a.../pgpkey2006.txt >"

> http://nvd.nist.gov/...e=CVE-2007-2926
> http://nvd.nist.gov/...e=CVE-2007-2925
Original release date: 7/24/2007
Last revised: 7/24/2007
Source: US-CERT/NIST

> http://en.wikipedia....server_software

.

Edited by AplusWebMaster, 25 July 2007 - 11:54 AM.

[AplusWebMaster]

FYI...

Multiple Vulnerabilities in ISC BIND 9
- http://www.us-cert.g...ies_in_isc_bind
updated July 27, 2007 - "US-CERT is aware of two vulnerabilities in ISC BIND that may allow an arbitrary, remote user to make recursive queries or perform DNS cache poisoning attacks. More information regarding these vulnerabilities, workarounds, and fixes can be found in the Vulnerability Notes Database* or on the ISC BIND Vulnerabilities page**."

* http://www.kb.cert.org/vuls/id/252735

** http://www.isc.org/i...nd-security.php

[AplusWebMaster]

FYI...

BIND 8 End Of Life
- http://www.isc.org/i...d/bind8-eol.php
"ISC is announcing BIND 8 to be End of Life as of today, 27 August 2007. ISC strongly encourages users who depend on BIND 8 to migrate to BIND 9 as soon as possible.
It's never easy to retire a product. The security issues of BIND 8 are many, and 7 years after the release of BIND 9, ISC must devote our efforts to maintaining and enhancing the current version. BIND 9 was always intended as a replacement for BIND 8, thus there are no more BIND 8 releases planned beyond 8.4.7-P1, being released today..."

.