After almost a year of development, the Internet Software Consortium (ISC) announced the newest release of their Domain Name System (DNS) server, BIND 9.4.3, today. This release includes over 140 fixes over BIND 9.4.2.

Although this maintenance release is mainly focused on bug fixes, it does include the following four security related updates:

  • inet_network() buffer overflow. CVE-2008-0122.
  • Fully randomize UDP query ports to improve forgery resilience. [RT #17949]
  • Additional support for query port randomization (change #2375) including performance improvement and port range specification. [RT #17949, #18098]
  • win32: UDP client handler can be shutdown. [RT #18576]