Mandrake Security Advisory MDVSA-2009:037 (bind)

The remote host is missing an update to bind announced via advisory MDVSA-2009:037.
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. In this particular case the DSA_verify function was fixed with MDVSA-2009:002, this update does however address the RSA_verify function (CVE-2009-0265). Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0