Synopsis: Moderate: bind security update Issue date: 2009-11-30 CVE Names: CVE-2009-4022 CVE-2009-4022 bind: cache poisoning using not validated DNSSEC responses Michael Sinatra discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2009-4022) After installing the update, the BIND daemon (named) will be restarted automatically. SL 5.x SRPMS: bind-9.3.6-4.P1.el5_4.1.src.rpm i386: bind-9.3.6-4.P1.el5_4.1.i386.rpm bind-chroot-9.3.6-4.P1.el5_4.1.i386.rpm bind-devel-9.3.6-4.P1.el5_4.1.i386.rpm bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386.rpm bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm bind-sdb-9.3.6-4.P1.el5_4.1.i386.rpm bind-utils-9.3.6-4.P1.el5_4.1.i386.rpm caching-nameserver-9.3.6-4.P1.el5_4.1.i386.rpm x86_64: bind-9.3.6-4.P1.el5_4.1.x86_64.rpm bind-chroot-9.3.6-4.P1.el5_4.1.x86_64.rpm bind-devel-9.3.6-4.P1.el5_4.1.i386.rpm bind-devel-9.3.6-4.P1.el5_4.1.x86_64.rpm bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386.rpm bind-libbind-devel-9.3.6-4.P1.el5_4.1.x86_64.rpm bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm bind-libs-9.3.6-4.P1.el5_4.1.x86_64.rpm bind-sdb-9.3.6-4.P1.el5_4.1.x86_64.rpm bind-utils-9.3.6-4.P1.el5_4.1.x86_64.rpm caching-nameserver-9.3.6-4.P1.el5_4.1.x86_64.rpm -Connie Sieh -Troy Dawson