Linux Today: Linux News On Internet Time.

More on LinuxToday

Slackware Security Advisory: multiple vulnerabilities in bind 8.x

Jan 31, 2001, 06:29 (0 Talkback[s])

Date: Mon, 29 Jan 2001 09:07:59 -0800
From: Slackware Security Team
Subject: [slackware-security] multiple vulnerabilities in bind 8.x

Multiple vulnerabilities exist in the versions of BIND found in Slackware 7.1 and -current. Users of BIND 8.x are urged to upgrade to 8.2.3 to fix these problems. More information can be found on the BIND website:

... and in the CERT Advisory CA-2001-02 - Multiple Vulnerabilities in BIND:

By upgrading to BIND 8.2.3, users can fix these problems.

BIND 8.2.3 AVAILABLE - (bind.tgz)

Multiple vulnerabilities have been patched in BIND. Upgrading to BIND 8.2.3 addreses these vulnerabilities. Packages available:

For Slackware -current:

For Slackware 7.1:

For verification purposes, we provide the following checksums:

     For Slackware -current:
        16-bit "sum" checksum:
        41667  1641   bind.tgz

        128-bit MD5 message digest:
a46dd2ba74f50d0acba68ea0a38955d9 bind.tgz

     For Slackware 7.1:
        16-bit "sum" checksum:
        58057  1640   bind.tgz

        128-bit MD5 message digest:
eaaeeea64ab3ecd1dcc33149f9ee93a9 bind.tgz

Be sure to backup your name server configuration files (/etc/named.conf and the /var/named directory) for safe measure. Then stop the name server:

# ndc stop

Now run upgradepkg on the new BIND package:

# upgradepkg bind.tgz

The name server can now be restarted:

# ndc start

Remember, it's also a good idea to backup configuration files before upgrading packages.

- Slackware Linux Security Team