SuSE Security Advisory SUSE-SA:2009:059 (bind)

The remote host is missing updates announced in advisory SUSE-SA:2009:059.
Update your system with the packages as indicated in the referenced security advisory.
The bind DNS server was updated to close a possible cache poisoning vulnerability which allowed to bypass DNSSEC. This problem can only happen after the other spoofing/poisoning mechanisms have been bypassed already (the port and transaction id randomization). Also this can only happen if the server is setup for DNSSEC. Due to this limitation we consider this a minor issue. The DNSSEC implementation was redone in 2004 and implemented in bind 9.6. Earlier bind version do not support the DNSSEC version and so are not affected. This means that the Bind versions of SUSE Linux Enterprise Server 9 (bind 9.3.4) and SUSE Linux Enterprise Server 10 (bind 9.3.4) are not affected by this problem.