DSA-1703-1 bind9 -- interpretation conflictID: oval:org.secpod.oval:def:600451 | Date: (C)2011-05-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that BIND, an implementation of the DNS protocol suite, does not properly check the result of an OpenSSL function which is used to verify DSA cryptographic signatures. As a result, incorrect DNS resource records in zones protected by DNSSEC could be accepted as genuine. For the stable distribution , this problem has been fixed in version 9.3.4-2etch4. For the unstable distribution and the testing distribution , this problem will be fixed soon. We recommend that you upgrade your BIND packages.