[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] [ MDVSA-2010:253 ] bind
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2010:253 ] bind
- From: security@xxxxxxxxxxxx
- Date: Tue, 14 Dec 2010 20:41:00 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:253
http://www.mandriva.com/security/
_______________________________________________________________________
Package : bind
Date : December 14, 2010
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities were discovered and corrected in bind:
named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3,
and 9.7.x before 9.7.2-P3 does not properly handle the combination
of signed negative responses and corresponding RRSIG records in the
cache, which allows remote attackers to cause a denial of service
(daemon crash) via a query for cached data (CVE-2010-3613).
named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3,
9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not
properly determine the security status of an NS RRset during a DNSKEY
algorithm rollover, which might allow remote attackers to cause a
denial of service (DNSSEC validation error) by triggering a rollover
(CVE-2010-3614).
ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does
not properly handle certain bad signatures if multiple trust anchors
exist for a single zone, which allows remote attackers to cause a
denial of service (daemon crash) via a DNS query (CVE-2010-3762).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages for Corporate Server 4.0 has been patched to
address these issues.
The updated packages for Mandriva Linux 2009.0, 2010.0 and Mandriva
Linux Enterprise Server 5.1 has been upgraded to bind-9.6.2-P3 and
patched to address the CVE-2010-3762 security issue.
The updated packages for Mandriva Linux 2010.1 has been upgraded to
bind-9.7.2-P3 which is not vulnerable to these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3762
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
c244e578f17c88632203ae229e930319 2009.0/i586/bind-9.6.2-0.2mdv2009.0.i586.rpm
7394a97fb84683afd1e99643be659dbe
2009.0/i586/bind-devel-9.6.2-0.2mdv2009.0.i586.rpm
d4ec2420805067df8e5dfa615253d9d5
2009.0/i586/bind-doc-9.6.2-0.2mdv2009.0.i586.rpm
49b9e3f63f5cb5e4f17f1d471c96693d
2009.0/i586/bind-utils-9.6.2-0.2mdv2009.0.i586.rpm
de6adf490a34d59d2a5478b13d1fcae6 2009.0/SRPMS/bind-9.6.2-0.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
f100a5d94b32d4ea354010205dd61c95
2009.0/x86_64/bind-9.6.2-0.2mdv2009.0.x86_64.rpm
0b7d2dec10b7d523225c8fc072942a3f
2009.0/x86_64/bind-devel-9.6.2-0.2mdv2009.0.x86_64.rpm
4762a0979b196d4fe2f9ec597b9bab17
2009.0/x86_64/bind-doc-9.6.2-0.2mdv2009.0.x86_64.rpm
11a3f380c29d0167305a14789f0a1342
2009.0/x86_64/bind-utils-9.6.2-0.2mdv2009.0.x86_64.rpm
de6adf490a34d59d2a5478b13d1fcae6 2009.0/SRPMS/bind-9.6.2-0.2mdv2009.0.src.rpm
Mandriva Linux 2010.0:
26070dd85164e6a55d525b0911d8a5b9 2010.0/i586/bind-9.6.2-0.2mdv2010.0.i586.rpm
3462f0f35c63e10bc7c434c41ed920ed
2010.0/i586/bind-devel-9.6.2-0.2mdv2010.0.i586.rpm
e9de811a81102bb59e88f0203c2d6c2f
2010.0/i586/bind-doc-9.6.2-0.2mdv2010.0.i586.rpm
74bf83c6d618bee1a271dfb4b5fe90d9
2010.0/i586/bind-utils-9.6.2-0.2mdv2010.0.i586.rpm
66fa1bdf42920a011ce35fadfa8599ec 2010.0/SRPMS/bind-9.6.2-0.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
8d5dfbfed95fcde4f4e1f7f55d843d53
2010.0/x86_64/bind-9.6.2-0.2mdv2010.0.x86_64.rpm
c924c51f720f698392acc9499b279574
2010.0/x86_64/bind-devel-9.6.2-0.2mdv2010.0.x86_64.rpm
4b9f532080b0235765892643c26b3b34
2010.0/x86_64/bind-doc-9.6.2-0.2mdv2010.0.x86_64.rpm
4c49ead6f31cb62620ecad95ac347ce5
2010.0/x86_64/bind-utils-9.6.2-0.2mdv2010.0.x86_64.rpm
66fa1bdf42920a011ce35fadfa8599ec 2010.0/SRPMS/bind-9.6.2-0.2mdv2010.0.src.rpm
Mandriva Linux 2010.1:
c602faaa5ecf406a50c1d54e213b005f 2010.1/i586/bind-9.7.2-0.1mdv2010.1.i586.rpm
0c0fb39f374e7bff06bcd41f0620f1b5
2010.1/i586/bind-devel-9.7.2-0.1mdv2010.1.i586.rpm
36beded6f33d63195c49e5acc60fab0c
2010.1/i586/bind-doc-9.7.2-0.1mdv2010.1.i586.rpm
90f759a7980f943a9d523474fa24579d
2010.1/i586/bind-utils-9.7.2-0.1mdv2010.1.i586.rpm
5c5652897cdac3de831240c456133b1f 2010.1/SRPMS/bind-9.7.2-0.1mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64:
6d0b4ae6a7c1dca2be5e9be73e7eda07
2010.1/x86_64/bind-9.7.2-0.1mdv2010.1.x86_64.rpm
6eb3a612e530882ef3f11afaf6b9ec87
2010.1/x86_64/bind-devel-9.7.2-0.1mdv2010.1.x86_64.rpm
9f20502ce9b0c2ab21365599cc9f4ceb
2010.1/x86_64/bind-doc-9.7.2-0.1mdv2010.1.x86_64.rpm
edd121e4fa630341dac046eadc16cc53
2010.1/x86_64/bind-utils-9.7.2-0.1mdv2010.1.x86_64.rpm
5c5652897cdac3de831240c456133b1f 2010.1/SRPMS/bind-9.7.2-0.1mdv2010.1.src.rpm
Corporate 4.0:
d9db6823d848635aab7d6d921a9ebaf4
corporate/4.0/i586/bind-9.4.3-0.3.20060mlcs4.i586.rpm
f7094ed0272958e9720eaabff0aafd83
corporate/4.0/i586/bind-devel-9.4.3-0.3.20060mlcs4.i586.rpm
da816b14327efc578e4b0d101241581d
corporate/4.0/i586/bind-utils-9.4.3-0.3.20060mlcs4.i586.rpm
b97e6cf67d71523d5e33632753f35f02
corporate/4.0/SRPMS/bind-9.4.3-0.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
d053173af842b307695607d452225b35
corporate/4.0/x86_64/bind-9.4.3-0.3.20060mlcs4.x86_64.rpm
7a5300f1416dc460b83a40e414c764d6
corporate/4.0/x86_64/bind-devel-9.4.3-0.3.20060mlcs4.x86_64.rpm
6d7f188606387b45595bb3ec21df8737
corporate/4.0/x86_64/bind-utils-9.4.3-0.3.20060mlcs4.x86_64.rpm
b97e6cf67d71523d5e33632753f35f02
corporate/4.0/SRPMS/bind-9.4.3-0.3.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
18c0520c2d8735774fe47228a8c54431 mes5/i586/bind-9.6.2-0.2mdvmes5.1.i586.rpm
9704ba9bb67980d9863156ef9b25b40e
mes5/i586/bind-devel-9.6.2-0.2mdvmes5.1.i586.rpm
944c833994bee486555c9800e818012e
mes5/i586/bind-doc-9.6.2-0.2mdvmes5.1.i586.rpm
7a79ab5505f2eecdd19ecadfd815da72
mes5/i586/bind-utils-9.6.2-0.2mdvmes5.1.i586.rpm
0b5fcb3ae14aecb82b6ed5b96620e43e mes5/SRPMS/bind-9.6.2-0.2mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
c854520bb790fc3fdbefdfb996a17ec5
mes5/x86_64/bind-9.6.2-0.2mdvmes5.1.x86_64.rpm
5326c0f0f80115d75174dbb4e200e505
mes5/x86_64/bind-devel-9.6.2-0.2mdvmes5.1.x86_64.rpm
e181f7817735b9ac929f103719d815f2
mes5/x86_64/bind-doc-9.6.2-0.2mdvmes5.1.x86_64.rpm
b87c781974853007429b7ce6801fbf5f
mes5/x86_64/bind-utils-9.6.2-0.2mdvmes5.1.x86_64.rpm
0b5fcb3ae14aecb82b6ed5b96620e43e mes5/SRPMS/bind-9.6.2-0.2mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNB5famqjQ0CJFipgRAvVVAKDRz+ErWGSYv2Zlit5z2vYxC1oy5gCgv+sZ
KzGENR8HDB+JHGGJvvGlKKo=
=lmTu
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/