News Mac OS X Security Update 2009-004

Discussion in 'Macintosh' started by Dark Atheist, Aug 14, 2009.

  1. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
    • BIND
      CVE-ID: CVE-2009-0696
      Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8
      Impact: A remote attacker may be able to cause the DNS server to unexpectedly terminate
      Description: A logic issue in the handling of dynamic DNS update messages may cause an assertion to be triggered. By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service. The issue affects servers which are masters for one or more zones, regardless of whether they accept updates. BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default. This update addresses the issue by properly rejecting messages with a record of type 'ANY' where an assertion would previously have been raised.

    :source: Source: My Auto Update
    :view: Info: Here
    :software: Download: via Software Update, or from Apple Downloads