Posted on 08/12/2009 7:19:38 PM PDT by Swordmaker
Article: HT3776
Summary
This document describes the security content of Security Update 2009-004, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
Products Affected
Product Security
Security Update 2009-004
BIND
CVE-ID: CVE-2009-0696
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: A remote attacker may be able to cause the DNS server to unexpectedly terminate
Description: A logic issue in the handling of dynamic DNS update messages may cause an assertion to be triggered. By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service. The issue affects servers which are masters for one or more zones, regardless of whether they accept updates. BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default. This update addresses the issue by properly rejecting messages with a record of type 'ANY' where an assertion would previously have been raised.
Thanks to TheStickman for the heads up.
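An added example, not part of the original post or of Apple's advisory: because the advisory says the issue affects servers that are masters for one or more zones, regardless of whether they accept updates, this script lists the master zones in a BIND configuration so an administrator can tell whether a host is in scope for the update. The configuration text and zone names are constructed, and the comment stripping assumes no `#` or `//` inside quoted strings.

```python
import re

# Constructed sample named.conf (not from the page); names are placeholders.
SAMPLE_NAMED_CONF = '''
options { directory "/var/named"; };
// zone "commented.example" { type master; };
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };   # per the advisory, this does not remove exposure
};
zone "example.net" { type slave; masters { 192.0.2.1; }; file "bak.example.net"; };
zone "." { type hint; file "named.ca"; };
zone "0.0.127.in-addr.arpa" { type master; file "localhost.rev"; };
'''

# zone "name" [class] {   (the class token, e.g. IN, is optional)
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"\s*(?:\w+\s*)?\{')
# Newer BIND releases also accept "primary" as a synonym for "master".
MASTER_RE = re.compile(r'\btype\s+(?:master|primary)\s*;')


def strip_comments(text):
    """Drop the three comment styles named.conf allows: /* */, // and #."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(?://|#)[^\n]*', '', text)


def zone_blocks(text):
    """Yield (zone_name, body) pairs, matching braces so nested
    clauses such as allow-update { ... } stay inside the body."""
    for m in ZONE_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]


def master_zones(conf_text):
    """Return the names of zones this server is master for."""
    return [name for name, body in zone_blocks(strip_comments(conf_text))
            if MASTER_RE.search(body)]


if __name__ == "__main__":
    for zone in master_zones(SAMPLE_NAMED_CONF):
        print("master zone:", zone)
```

Any non-empty result means the server falls within the condition the advisory describes, whatever its `allow-update` setting.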
For those of you who are using BIND, it's time to click "Software update..." under the Apple Menu on the menu bar...
For those of you who aren't using BIND, you can wait a few years until you do.
If you want on or off the Mac Ping List, Freepmail me.
For those of you who are using BIND...
What about for those of us who don’t eat cheese? Or who really don’t know how this applies to the political world?
Is this a secret Libertarian/Contrarian code? Cheers!
This is a secret society code that is only known to Mac and UNIX users... to join, you have to be a Mac user... to worry about this security update, you have to be bound up in using BIND... If you are using BIND, you are likely using your Mac as a server on the Internet or on an internal intranet. Most of us members of the Mac society don't do that...
It’s a tad tighter than merely using BIND:
This is another one of those bugs that Apple inherits from the Unix world.