-o

Date: Fri, 10 Nov 2000 21:07:28 -0800 (PST)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security]  BIND 8.2.2-P5 DoS vulnerability

BIND version 8.2.2-P5 has a denial of service bug.  The code intended to
provide support for the transfer of compressed zone files can crash the
name server.  More BIND security information can be found at:

   http://www.isc.org/products/BIND/bind8.html

By upgrading to BIND 8.2.2-P7, users can fix this problem.  A new bind.tgz
package is available for users of Slackware Linux 7.0, 7.1, and -current.


 =======================================
 BIND 8.2.2-P7 AVAILABLE - (n1/bind.tgz)
 =======================================

  The denial of service vulnerability that affects BIND 8.2.2-P5 can
  be fixed by upgrading to the new BIND 8.2.2-P7 package.  The new
  bind.tgz is available in the -current branch:

   ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/bind.tgz

  For verification purposes, we provide the following checksums:

   16-bit "sum" checksum:
   41816  1611   n1/bind.tgz

   128-bit MD5 message digest:
   acce19918ebb3cf0159f0690e5d167ae  n1/bind.tgz


  INSTALLATION INSTRUCTIONS FOR THE bind.tgz PACKAGE:
  ---------------------------------------------------
  Be sure to backup your name server configuration files (/etc/named.conf
  and the /var/named directory) for safe measure.  Then stop the name
  server:

         # ndc stop

  Now run upgradepkg on the new BIND package:

         # upgradepkg bind.tgz

  The name server can now be restarted:

         # ndc start



Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
  http://www.slackware.com


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+