49b20cc2f2
announced by ISC dated 31 October (delivered via e-mail to the bind-announce@isc.org list today): Description: Because of OpenSSL's recently announced vulnerabilities (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named, we are announcing this workaround and releasing patches. A proof of concept attack on OpenSSL has been demonstrated for CAN-2006-4339. OpenSSL is required to use DNSSEC with BIND. Fix for version 9.3.2-P1 and lower: Upgrade to BIND 9.2.3-P2, then generate new RSASHA1 and RSAMD5 keys for all old keys using the old default exponent and perform a key rollover to these new keys. These versions also change the default RSA exponent to be 65537 which is not vulnerable to the attacks described in CAN-2006-4339.
6 lines
402 B
Text
6 lines
402 B
Text
MD5 (bind-9.3.2-P2.tar.gz) = 948101be324deb15ff94a5b6a639ea39
|
|
SHA256 (bind-9.3.2-P2.tar.gz) = 2f82beca3bfbc28be4a9f42d0dbba8cc5442fb6394c94b4ac7530ea9a1bb4864
|
|
SIZE (bind-9.3.2-P2.tar.gz) = 5316388
|
|
MD5 (bind-9.3.2-P2.tar.gz.asc) = 1a15c9d9fcc1772a77fbd1f90f068592
|
|
SHA256 (bind-9.3.2-P2.tar.gz.asc) = 7935933b31ebd5e611401d10a6f706e8a7e5aa961275b1f1c2770afe845a9a21
|
|
SIZE (bind-9.3.2-P2.tar.gz.asc) = 479
|