Network Associates, Inc. report in bugtraq: ... o Synopsis BIND 8 contains a buffer overflow that allows a remote attacker to execute arbitrary code. The overflow is in the initial processing of a DNS request and therefore does not require an attacker to control an authoritative DNS server. In addition, the vulnerability is not dependent upon configuration options and affects both recursive and non-recursive servers. This vulnerability has been designated as CVE candidate CAN-2001-10. RISK FACTOR: HIGH ... o Vulnerable Systems BIND 8 versions: 8.2, 8.2.1 8.2.2 through to 8.2.2-P7 8.2.3-T1A through to 8.2.3-T9B BIND 4 versions: buffer overflow - 4.9.5 through to 4.9.7 format string - 4.9.3 through to 4.9.5-P1
I've fixed this last Saturday, the packages are waiting for QA approval. In the mean time, you can get them at http://www.linux-easy.com/rh-updates/
*** Bug 25186 has been marked as a duplicate of this bug. ***
*** Bug 25221 has been marked as a duplicate of this bug. ***
*** Bug 25220 has been marked as a duplicate of this bug. ***
*** Bug 25230 has been marked as a duplicate of this bug. ***
Errata released.
*** Bug 25312 has been marked as a duplicate of this bug. ***
*** Bug 25313 has been marked as a duplicate of this bug. ***
*** Bug 25331 has been marked as a duplicate of this bug. ***