Oval Definition:oval:org.mitre.oval:def:13728
Revision Date:2015-02-23Version:22
Title:DSA-1961-1 bind9 -- DNS cache poisoning
Description:Michael Sinatra discovered that the DNS resolver component in BIND does not properly check DNS records contained in additional sections of DNS responses, leading to a cache poisoning vulnerability. This vulnerability is only present in resolvers which have been configured with DNSSEC trust anchors, which is still rare. Note that this update contains an internal ABI change, which means that all BIND-related packages must be updated at the same time. In the unlikely event that you have compiled your own software against libdns, you must recompile this program, too. For the old stable distribution, this problem has been fixed in version 1:9.3.4-2etch6. For the stable distribution, this problem has been fixed in version 1:9.5.1.dfsg.P3-1+lenny1. For the unstable distribution and the testing distribution, this problem has been fixed in version 9.6.1.dfsg.P2-1. We recommend that you upgrade your bind9 packages.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-4022
DSA-1961-1
Platform(s):Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s):bind9
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND ind9-doc DPKG is earlier than 1:9.5.1.dfsg.P3-1+lenny1
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • libisc45 DPKG is earlier than 1:9.5.1.dfsg.P3-1+lenny1
  • OR libisccc40 DPKG is earlier than 1:9.5.1.dfsg.P3-1+lenny1
  • OR libisccfg40 DPKG is earlier than 1:9.5.1.dfsg.P3-1+lenny1
  • OR libbind9-40 DPKG is earlier than 1:9.5.1.dfsg.P3-1+lenny1
  • OR ind9 DPKG is earlier than 1:9.5.1.dfsg.P3-1+lenny1
  • OR ind9utils DPKG is earlier than 1:9.5.1.dfsg.P3-1+lenny1
  • OR liblwres40 DPKG is earlier than 1:9.5.1.dfsg.P3-1+lenny1
  • OR libbind-dev DPKG is earlier than 1:9.5.1.dfsg.P3-1+lenny1
  • OR libdns45 DPKG is earlier than 1:9.5.1.dfsg.P3-1+lenny1
  • OR ind9-host DPKG is earlier than 1:9.5.1.dfsg.P3-1+lenny1
  • OR nsutils DPKG is earlier than 1:9.5.1.dfsg.P3-1+lenny1
  • OR lwresd DPKG is earlier than 1:9.5.1.dfsg.P3-1+lenny1
  • OR Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND ind9-doc DPKG is earlier than 1:9.3.4-2etch6
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • libbind-dev DPKG is earlier than 1:9.3.4-2etch6
  • OR libdns22 DPKG is earlier than 1:9.3.4-2etch6
  • OR libisccfg1 DPKG is earlier than 1:9.3.4-2etch6
  • OR libisccc0 DPKG is earlier than 1:9.3.4-2etch6
  • OR libisc11 DPKG is earlier than 1:9.3.4-2etch6
  • OR ind9 DPKG is earlier than 1:9.3.4-2etch6
  • OR libbind9-0 DPKG is earlier than 1:9.3.4-2etch6
  • OR ind9-host DPKG is earlier than 1:9.3.4-2etch6
  • OR nsutils DPKG is earlier than 1:9.3.4-2etch6
  • OR liblwres9 DPKG is earlier than 1:9.3.4-2etch6
  • OR lwresd DPKG is earlier than 1:9.3.4-2etch6
    • BACK