The OpenBSD team has released a new errata for 4.2 (013_bind) and 4.3 (004_bind) to fix a security issue with bind (the name server in OpenBSD).
From the 4.3 errata page:
A vulnerability has been found with BIND. An attacker could use this vulnerability to poison the cache of a recursive resolving name server. (CVE-2008-1447)
I have made binpatches for 4.2 and 4.3 for i386, amd64 and sparc64.
By z0mbix
Thanks Mike! I haven’t found the time recently to build my own binpatches so I’ve been using yours. Patching is now as easy as:
-zombie@murphy (~) $ sudo patch_add 004
- Downloading CKSUMS file:
100% |**************************************************| 4529 00:00
- Downloading binpatch: binpatch-4.3-i386-004.tgz
100% |**************************************************| 4475 KB 00:37
- Comparing checksum: ok
- Installing patch…
./usr/sbin/dig
./usr/sbin/dnssec-keygen
./usr/sbin/dnssec-signzone
./usr/sbin/host
./usr/sbin/named
./usr/sbin/named-checkconf
./usr/sbin/named-checkzone
./usr/sbin/nslookup
./usr/sbin/nsupdate
./usr/sbin/rndc
./usr/sbin/rndc-confgen
./usr/share/doc/html/bind/Bv9ARM.ch06.html
./var/db/binpatch/004_bind
4.3-i386-004 installed: Jul 25 2008 11:49:24
-zombie@murphy (~) $