[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [ MDVSA-2012:177 ] bind



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:177
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : bind
 Date    : December 5, 2012
 Affected: 2011.
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in bind:
 
 BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
 vulnerable to a software defect that allows a crafted query to crash
 the server with a REQUIRE assertion failure.  Remote exploitation
 of this defect can be achieved without extensive effort, resulting
 in a denial-of-service (DoS) vector against affected servers
 (CVE-2012-5688).
 
 The updated packages have been upgraded to bind 9.8.4-P1 which is
 not vulnerable to this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5688
 https://kb.isc.org/article/AA-00828
 ftp://ftp.isc.org/isc/bind9/9.8.4-P1/CHANGES
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 66bdbc7b626996ea2ce4771aa9504cf7  
2011/i586/bind-9.8.4-0.0.P1.0.1-mdv2011.0.i586.rpm
 f3ff266312bc9c89c1b70c8bc2a68ce5  
2011/i586/bind-devel-9.8.4-0.0.P1.0.1-mdv2011.0.i586.rpm
 3d1801ced41b296442954edfe226200f  
2011/i586/bind-doc-9.8.4-0.0.P1.0.1-mdv2011.0.i586.rpm
 5260c5359ba15554d18658200337b21e  
2011/i586/bind-utils-9.8.4-0.0.P1.0.1-mdv2011.0.i586.rpm 
 19e315c74dd39bc3daed386f9bafda0b  2011/SRPMS/bind-9.8.4-0.0.P1.0.1.src.rpm

 Mandriva Linux 2011/X86_64:
 98d25a8e80c2ae965e108bd47d327331  
2011/x86_64/bind-9.8.4-0.0.P1.0.1-mdv2011.0.x86_64.rpm
 24b3b7e32fe30433bbc3ebc6da14252b  
2011/x86_64/bind-devel-9.8.4-0.0.P1.0.1-mdv2011.0.x86_64.rpm
 09b0579ab3053e306453e1d9a77de0f9  
2011/x86_64/bind-doc-9.8.4-0.0.P1.0.1-mdv2011.0.x86_64.rpm
 8d375b75c5f340bf71b633672367eb84  
2011/x86_64/bind-utils-9.8.4-0.0.P1.0.1-mdv2011.0.x86_64.rpm 
 19e315c74dd39bc3daed386f9bafda0b  2011/SRPMS/bind-9.8.4-0.0.P1.0.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQv3pRmqjQ0CJFipgRAuREAJ9k0UD7sS+sgxtPijZe2BOOiSSKWACcCP3M
20xmFHjcTy1wkZXBon7E1Mo=
=qaNn
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/