From: tsl@trustix.com To: tsl-announce@trustix.org Subject: TSLSA-2001-0007: bind Date: Fri, 25 May 2001 15:07:15 +0200 Cc: bugtraq@securityfocus.com, linuxlist@securityportal.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2001-0007 Package name: bind Severity: No new security bugs since 8.2.3, but generally a good idea Date: 2001-05-25 Affected versions: TSL 1.01, 1.1, 1.2 - -------------------------------------------------------------------------- Problem description: If you are running a version prior to 8.2.3, you will want to upgrade for security reasons. If you are already running 8.2.3, this is from the announce: Highlights vs. BIND 8.2.3: Fixes long-standing protocol incompatibility in DNSSEC support. Avoids fwd'ing to root name servers if response will be rejected. new port/cygwin contributed by s_c_biggs@bigfoot.com. new contrib/mdnkit (V1.3) from author. new contrib/adm from official ftp site. new contrib/host from author. new contrib/dnsp from author. fixed file descriptor leak in resolver. numerous portability improvements. numerous bug fixes. Action: We recommend that all systems with this package installed are upgraded. If you do not need the functionality provided by this package, you may want to remove it from your system. Location: All TSL updates are available from <URI:http://www.trustix.net/pub/Trustix/updates/> <URI:ftp://ftp.trustix.net/pub/Trustix/updates/> Automatic updates: Users of the SWUP tool, can enjoy having updates automatically installed using 'swup --upgrade'. Get SWUP from: <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/> Questions? Check out our mailing lists: <URI:http://www.trustix.net/support/> Verification: This advisory along with all TSL packages are signed with the TSL sign key. This key available from: <URI:http://www.trustix.net/TSL-GPG-KEY> The advisory itself is available from the errata page at <URI:http://www.trustix.net/errata/trustix-1.2/> or directly at <URI:http://www.trustix.net/errata/misc/2001/TSL-2001-0007-bind.asc.txt> MD5sums of the packages: - -------------------------------------------------------------------------- 3f6c750faf40ee6bce3526fdf98a4f61 ./1.2/SRPMS/bind-8.2.4-1tr.src.rpm b0d75d6d01ffd209aea7facd1df21b96 ./1.2/RPMS/bind-8.2.4-1tr.i586.rpm f79ebe16e479017eaf9c35895f46e9b2 ./1.2/RPMS/bind-devel-8.2.4-1tr.i586.rpm 5f6ca0322140b1693322064527de5980 ./1.2/RPMS/bind-utils-8.2.4-1tr.i586.rpm aa954af954dec1febfbfb173259d4b36 ./1.1/RPMS/bind-8.2.4-1tr.i586.rpm 69417313c7b0c37efb0c62d94a5176e1 ./1.1/RPMS/bind-devel-8.2.4-1tr.i586.rpm 90cbfd8dcdb700cb180523f1d6102749 ./1.1/RPMS/bind-utils-8.2.4-1tr.i586.rpm 3f6c750faf40ee6bce3526fdf98a4f61 ./1.1/SRPMS/bind-8.2.4-1tr.src.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.5 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7Dk0LwRTcg4BxxS0RAnhYAJ0UqgLTTKQaL3gpk3x7iiuJcwHSHQCdEV2c xB5BV8nk8gwBPbJB9DEh1eg= =qSv+ -----END PGP SIGNATURE----- -- Trustix Secure Linux Advisor Homepage: http://www.trustix.net/ Errata: http://www.trustix.net/errata/ Automatic updates: http://www.trustix.net/pub/Trustix/software/swup/ _______________________________________________ tsl-announce mailing list tsl-announce@trustix.org http://www.trustix.org/mailman/listinfo.cgi/tsl-announce