PROBLEM: (QAR 68986) (Patch ID: OSF440-019) ******** This patch fixes a problem in which a BIND server may find that named will place a warning message in the daemon.log that was not previously seen. This message has no impact on system operation and will only be seen once for any given node on a BIND server at startup. In addressing security related BIND issues, an area of BIND functionality was altered in a previous BIND patch. A message that informs the user that a node name contains non-standard characters, such as underscores, is placed in the daemon.log file. An example of the message is: Jan 7 14:03:25 host named[316]: owner name "xx_yy.zz.com" IN (secondary) is invalid - proceeding anyway Standard characters are defined as A-Z, a-z, 0-9 and hyphen. PROBLEM: (QAR 69028) (Patch ID: OSF440-019) ******** This patch fixes a problem in which a BIND server writes files to the /etc/namedb directory instead of the /var/tmp directory. In addressing security related BIND issues, an area of BIND functionality was altered in a previous BIND patch. Files written to the /etc/namedb directory include named.run, named_dump.db, and named.stats. PROBLEM: (SSRT0636U) (PATCH ID: OSF440-329) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (N/A) (PATCH ID: OSF440-444) ******** This patch fixes a problem where named could possibly core dump when printing an informational message to syslog. PROBLEM: (GB-G00704) (PATCH ID: OSF440-467) ******** This patch fixes a problem of named producing a core file when named is started and the named.boot file has more than 32767 zones specified. PROBLEM: (SSRT1-69U) (PATCH ID: OSF440-613) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (95356, 95357, 95358, SSRT2408, SSRT2411, SSRT2410) (PATCH ID: OSF440-1000) ******** Potential BIND (Berkeley Internet Name Domain) security vulnerabilities have been reported to HP that may result in buffer overflows, unauthorized access, or denial of service (DoS) on HP Tru64 UNIX systems. These potential security vulnerabilities may be in the form of local and remote security domain risks. The following potential security vulnerabilities have been corrected: SSRT2408 BIND - (Severity - High) SSRT2410 BIND - (Severity - High) SSRT2411 BIND - (Severity - High) PROBLEM: (95362, SSRT2400) (PATCH ID: OSF440-1044) ******** A potential security vulnerability has been discovered, where under certain circumstanes, system integrity may be compromised. HP has corrected this potential vulnerability. Update BIND from v4.9.3 to v8.3.4.