Contributed by ray on from the CYA-again dept.
Start patching again!
Some exploitable logic errors have been found in the bind nameserver's use of OpenSSL DSA verification functions. These errors may permit an attacker to bypass validation of DSA DNSSEC signatures.
This vulnerability has been designated CVE-2009-0025. More information is available from the ISC at:
Patch for OpenBSD 4.3:
Patch for OpenBSD 4.4:
These patches are also available in the OPENBSD_4_3 and OPENBSD_4_4 stable CVS branches.
(Comments are closed)