Synopsis:	Moderate: bind security update
Issue date:	2009-11-30
CVE Names:	CVE-2009-4022

CVE-2009-4022 bind: cache poisoning using not validated DNSSEC responses

Michael Sinatra discovered that BIND was incorrectly caching responses
without performing proper DNSSEC validation, when those responses were
received during the resolution of a recursive client query that 
requested DNSSEC records but indicated that checking should be disabled. 
A remote attacker could use this flaw to bypass the DNSSEC validation 
check and perform a cache poisoning attack if the target BIND server was 
receiving such client queries. (CVE-2009-4022)

After installing the update, the BIND daemon (named) will be restarted 
automatically.

SL 5.x

     SRPMS:
bind-9.3.6-4.P1.el5_4.1.src.rpm
     i386:
bind-9.3.6-4.P1.el5_4.1.i386.rpm
bind-chroot-9.3.6-4.P1.el5_4.1.i386.rpm
bind-devel-9.3.6-4.P1.el5_4.1.i386.rpm
bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386.rpm
bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm
bind-sdb-9.3.6-4.P1.el5_4.1.i386.rpm
bind-utils-9.3.6-4.P1.el5_4.1.i386.rpm
caching-nameserver-9.3.6-4.P1.el5_4.1.i386.rpm
     x86_64:
bind-9.3.6-4.P1.el5_4.1.x86_64.rpm
bind-chroot-9.3.6-4.P1.el5_4.1.x86_64.rpm
bind-devel-9.3.6-4.P1.el5_4.1.i386.rpm
bind-devel-9.3.6-4.P1.el5_4.1.x86_64.rpm
bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386.rpm
bind-libbind-devel-9.3.6-4.P1.el5_4.1.x86_64.rpm
bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm
bind-libs-9.3.6-4.P1.el5_4.1.x86_64.rpm
bind-sdb-9.3.6-4.P1.el5_4.1.x86_64.rpm
bind-utils-9.3.6-4.P1.el5_4.1.x86_64.rpm
caching-nameserver-9.3.6-4.P1.el5_4.1.x86_64.rpm

-Connie Sieh
-Troy Dawson