Oval Definition:oval:org.mitre.oval:def:7332
Revision Date:2014-06-23Version:20
Title:DSA-1961 bind9 -- DNS cache poisoning
Description:Michael Sinatra discovered that the DNS resolver component in BIND does not properly check DNS records contained in additional sections of DNS responses, leading to a cache poisoning vulnerability. This vulnerability is only present in resolvers which have been configured with DNSSEC trust anchors, which is still rare. Note that this update contains an internal ABI change, which means that all BIND-related packages must be updated at the same time. In the unlikely event that you have compiled your own software against libdns, you must recompile this programs, too.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-4022
DSA-1961
Platform(s):Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s):bind9
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND bind9-doc is earlier than 9.5.1.dfsg.P3-1+lenny1
  • OR Architecture dependent section
  • Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • dnsutils is earlier than 9.5.1.dfsg.P3-1+lenny1
  • OR libbind9-40 is earlier than 9.5.1.dfsg.P3-1+lenny1
  • OR libisccc40 is earlier than 9.5.1.dfsg.P3-1+lenny1
  • OR libisccfg40 is earlier than 9.5.1.dfsg.P3-1+lenny1
  • OR bind9utils is earlier than 9.5.1.dfsg.P3-1+lenny1
  • OR libisc45 is earlier than 9.5.1.dfsg.P3-1+lenny1
  • OR liblwres40 is earlier than 9.5.1.dfsg.P3-1+lenny1
  • OR lwresd is earlier than 9.5.1.dfsg.P3-1+lenny1
  • OR libbind-dev is earlier than 9.5.1.dfsg.P3-1+lenny1
  • OR libdns45 is earlier than 9.5.1.dfsg.P3-1+lenny1
  • OR bind9 is earlier than 9.5.1.dfsg.P3-1+lenny1
  • OR bind9-host is earlier than 9.5.1.dfsg.P3-1+lenny1
  • OR Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND bind9-doc is earlier than 9.3.4-2etch6
  • OR Architecture dependent section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • dnsutils is earlier than 9.3.4-2etch6
  • OR libbind-dev is earlier than 9.3.4-2etch6
  • OR libdns22 is earlier than 9.3.4-2etch6
  • OR libisccfg1 is earlier than 9.3.4-2etch6
  • OR libisccc0 is earlier than 9.3.4-2etch6
  • OR libisc11 is earlier than 9.3.4-2etch6
  • OR libbind9-0 is earlier than 9.3.4-2etch6
  • OR bind9-host is earlier than 9.3.4-2etch6
  • OR bind9 is earlier than 9.3.4-2etch6
  • OR liblwres9 is earlier than 9.3.4-2etch6
  • OR lwresd is earlier than 9.3.4-2etch6
    • BACK