Thursday, July 24, 2008

Errata: 004_bind for 4.3

PuffyThe OpenBSD team has released a new errata for 4.2 (013_bind) and 4.3 (004_bind) to fix a security issue with bind (the name server in OpenBSD).

From the 4.3 errata page:
A vulnerability has been found with BIND. An attacker could use this vulnerability to poison the cache of a recursive resolving name server. (CVE-2008-1447)


I have made binpatches for 4.2 and 4.3 for i386, amd64 and sparc64.

1 comment:

  1. Thanks Mike! I haven't found the time recently to build my own binpatches so I've been using yours. Patching is now as easy as:

    -zombie@murphy (~) $ sudo patch_add 004
    - Downloading CKSUMS file:
    100% |**************************************************| 4529 00:00
    - Downloading binpatch: binpatch-4.3-i386-004.tgz
    100% |**************************************************| 4475 KB 00:37
    - Comparing checksum: ok
    - Installing patch...
    ./usr/sbin/dig
    ./usr/sbin/dnssec-keygen
    ./usr/sbin/dnssec-signzone
    ./usr/sbin/host
    ./usr/sbin/named
    ./usr/sbin/named-checkconf
    ./usr/sbin/named-checkzone
    ./usr/sbin/nslookup
    ./usr/sbin/nsupdate
    ./usr/sbin/rndc
    ./usr/sbin/rndc-confgen
    ./usr/share/doc/html/bind/Bv9ARM.ch06.html
    ./var/db/binpatch/004_bind
    4.3-i386-004 installed: Jul 25 2008 11:49:24
    -zombie@murphy (~) $

    ReplyDelete