Mandriva Linux Security Advisory : bind (MDVSA-2009:002)
Medium Nessus Plugin ID 37473
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA flaw was found in how BIND checked the return value of the OpenSSL DSA_do_verify() function. On systems that use DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, which would allow for spoofing attacks (CVE-2009-0025).
The updated packages have been patched to prevent this issue.
SolutionUpdate the affected packages.