Message-Id: <E1NDkE4-0002Ze-Sp@titan.mandriva.com>
Date: Thu, 26 Nov 2009 20:42:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:304 ] bind
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:304
http://www.mandriva.com/security/
_______________________________________________________________________
Package : bind
Date : November 26, 2009
Affected: 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Some vulnerabilities were discovered and corrected in bind:
Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5
before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3,
and 9.0.x through 9.3.x with DNSSEC validation enabled and checking
disabled (CD), allows remote attackers to conduct DNS cache poisoning
attacks via additional sections in a response sent for resolution
of a recursive client query, which is not properly handled when the
response is processed at the same time as requesting DNSSEC records
(DO) (CVE-2009-4022).
Additionally, BIND has been upgraded to the latest point release or
the closest version supported by ISC.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
https://www.isc.org/node/504
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
350aede988c5fea9c534c9f6b453a6d9 2009.0/i586/bind-9.5.2-0.1mdv2009.0.i586.rpm
63dae25d60dce8878a87b0eeaa457285 2009.0/i586/bind-devel-9.5.2-0.1mdv2009.0.i586.rpm
b3e98fd47dbff14ad213a8ca8a6e466d 2009.0/i586/bind-doc-9.5.2-0.1mdv2009.0.i586.rpm
fa56daa8b48c17fbcf9e0d59ded29123 2009.0/i586/bind-utils-9.5.2-0.1mdv2009.0.i586.rpm
75ef743d58dbfc382e88fef13788f71f 2009.0/SRPMS/bind-9.5.2-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
12d89eb11dda9285afdcd1e315c47261 2009.0/x86_64/bind-9.5.2-0.1mdv2009.0.x86_64.rpm
7314c3bdb02a8d332a5c809ade05ffa8 2009.0/x86_64/bind-devel-9.5.2-0.1mdv2009.0.x86_64.rpm
c87e38d4da7e29bcf756afce7266dc96 2009.0/x86_64/bind-doc-9.5.2-0.1mdv2009.0.x86_64.rpm
0c7822fea0b4b39fb1330c98c3ac72e6 2009.0/x86_64/bind-utils-9.5.2-0.1mdv2009.0.x86_64.rpm
75ef743d58dbfc382e88fef13788f71f 2009.0/SRPMS/bind-9.5.2-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.1:
85b9888ba8e24104787ee69eaa471f5d 2009.1/i586/bind-9.6.1-0.1mdv2009.1.i586.rpm
e251bc5c2c1065c0ceefa31b6fa7b8a9 2009.1/i586/bind-devel-9.6.1-0.1mdv2009.1.i586.rpm
53f7c3477e5d3f3ebc3376ecb63a2eec 2009.1/i586/bind-doc-9.6.1-0.1mdv2009.1.i586.rpm
144e76e8e28f839dafd1a0c2816345a8 2009.1/i586/bind-utils-9.6.1-0.1mdv2009.1.i586.rpm
d11449cedd0e738e27518e5f65c06628 2009.1/SRPMS/bind-9.6.1-0.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
5a8c68cf6b92bcb1de285aa151550806 2009.1/x86_64/bind-9.6.1-0.1mdv2009.1.x86_64.rpm
224a8d280a689e2918c99f50d95a286b 2009.1/x86_64/bind-devel-9.6.1-0.1mdv2009.1.x86_64.rpm
d2339b9352a58a33e3e347d30f3112af 2009.1/x86_64/bind-doc-9.6.1-0.1mdv2009.1.x86_64.rpm
9af5d666780c971c014e4703a02735f5 2009.1/x86_64/bind-utils-9.6.1-0.1mdv2009.1.x86_64.rpm
d11449cedd0e738e27518e5f65c06628 2009.1/SRPMS/bind-9.6.1-0.1mdv2009.1.src.rpm
Mandriva Linux 2010.0:
370e9b2a7a28cbed55406fe55726362d 2010.0/i586/bind-9.6.1-4.1mdv2010.0.i586.rpm
a5ac29331aee65433a5892cd836f0c98 2010.0/i586/bind-devel-9.6.1-4.1mdv2010.0.i586.rpm
e7cc049f431f380300371341d5310c61 2010.0/i586/bind-doc-9.6.1-4.1mdv2010.0.i586.rpm
2e1ca9662985205be96c85ffda316da1 2010.0/i586/bind-utils-9.6.1-4.1mdv2010.0.i586.rpm
11cb180925f7705960f23d853fa75a82 2010.0/SRPMS/bind-9.6.1-4.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
3cc9cd36796d0e385d0768fca4e1df26 2010.0/x86_64/bind-9.6.1-4.1mdv2010.0.x86_64.rpm
f4544efd9648274c057ff83340d9dbfb 2010.0/x86_64/bind-devel-9.6.1-4.1mdv2010.0.x86_64.rpm
6110c4726cc972c0226ffa89264c2d3a 2010.0/x86_64/bind-doc-9.6.1-4.1mdv2010.0.x86_64.rpm
fbb65979f1b2c1184a4511eb554d9705 2010.0/x86_64/bind-utils-9.6.1-4.1mdv2010.0.x86_64.rpm
11cb180925f7705960f23d853fa75a82 2010.0/SRPMS/bind-9.6.1-4.1mdv2010.0.src.rpm
Corporate 4.0:
efa9da62f2e60853b87767f00ca547ef corporate/4.0/i586/bind-9.4.3-0.1.20060mlcs4.i586.rpm
7527a21df42df4e7868ba61879f42518 corporate/4.0/i586/bind-devel-9.4.3-0.1.20060mlcs4.i586.rpm
7646549a4dcc5f65e8ea6f8067e95070 corporate/4.0/i586/bind-utils-9.4.3-0.1.20060mlcs4.i586.rpm
36463b1e9d167038f904ca7df177898b corporate/4.0/SRPMS/bind-9.4.3-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
e41861745bb151fb5efc1bf9b50f6505 corporate/4.0/x86_64/bind-9.4.3-0.1.20060mlcs4.x86_64.rpm
9dd765db9f38a16221a275b96281802f corporate/4.0/x86_64/bind-devel-9.4.3-0.1.20060mlcs4.x86_64.rpm
4ae28b93e75875ec58e3bb5dbc39494d corporate/4.0/x86_64/bind-utils-9.4.3-0.1.20060mlcs4.x86_64.rpm
36463b1e9d167038f904ca7df177898b corporate/4.0/SRPMS/bind-9.4.3-0.1.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
4c906960098af8693448ac5cb3766379 mes5/i586/bind-9.5.2-0.1mdvmes5.i586.rpm
9628b329b44d2d5969f7ff277d3d7f0b mes5/i586/bind-devel-9.5.2-0.1mdvmes5.i586.rpm
5e4096b88a627c1dec4238dfcf401ba2 mes5/i586/bind-doc-9.5.2-0.1mdvmes5.i586.rpm
dcc67d5dc6e2df19b70bfc7eb07e3633 mes5/i586/bind-utils-9.5.2-0.1mdvmes5.i586.rpm
78aa573ae412f837d942225a77e56398 mes5/SRPMS/bind-9.5.2-0.1mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
4bc1fb9a2260d4dda412102e7eca322b mes5/x86_64/bind-9.5.2-0.1mdvmes5.x86_64.rpm
bf243b38288fd02299fe250547060d9d mes5/x86_64/bind-devel-9.5.2-0.1mdvmes5.x86_64.rpm
c5913b8326477c600d4bd5f3524218ec mes5/x86_64/bind-doc-9.5.2-0.1mdvmes5.x86_64.rpm
e555c924894703f24d91f9e4c7715927 mes5/x86_64/bind-utils-9.5.2-0.1mdvmes5.x86_64.rpm
78aa573ae412f837d942225a77e56398 mes5/SRPMS/bind-9.5.2-0.1mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLDqxBmqjQ0CJFipgRAq5SAKCtfakAexWy/C5PkEsNrFfrk7gQHwCgvY9R
pmiCd4VANBSFJKkMchIBpjE=
=q1sN
-----END PGP SIGNATURE-----
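
Added example, not part of the Mandriva advisory or of ISC's code: a version check against the first fixed upstream releases named in the problem description (9.4.3-P4, 9.5.2-P1, 9.6.1-P2, 9.7.0b3). The function names and the input form (an upstream version string such as the one `named -v` prints) are assumptions; it looks only at the version and does not examine whether DNSSEC validation is enabled.

```python
import re

# Upstream first-fixed releases per branch, taken from the advisory text.
FIRST_FIXED = {(9, 4): "9.4.3-P4", (9, 5): "9.5.2-P1",
               (9, 6): "9.6.1-P2", (9, 7): "9.7.0b3"}
# Pre-release stages sort before the final release; -P patch levels after it.
STAGE = {"b": 0, "rc": 1, None: 2, "P": 3}
VERSION_RE = re.compile(
    r"(?:BIND\s+)?(\d+)\.(\d+)\.(\d+)(?:(b|rc)(\d+)|-P(\d+))?")


def parse(text):
    """Turn '9.6.1-P1' or 'BIND 9.7.0b2' into a sortable tuple."""
    m = VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not an upstream BIND version string: {text!r}")
    major, minor, patch, pre, pre_n, p_n = m.groups()
    if p_n is not None:
        stage, n = STAGE["P"], int(p_n)
    else:
        stage, n = STAGE[pre], int(pre_n or 0)
    return (int(major), int(minor), int(patch), stage, n)


def status(text):
    """Classify a version as 'affected', 'fixed' or 'not-listed'."""
    key = parse(text)
    branch = key[:2]
    if (9, 0) <= branch <= (9, 3):
        return "affected"          # advisory names no fixed release here
    if branch in FIRST_FIXED:
        return "affected" if key < parse(FIRST_FIXED[branch]) else "fixed"
    return "not-listed"            # branch outside the advisory's scope


if __name__ == "__main__":
    # Constructed sample inputs (assumed upstream version strings).
    for sample in ["BIND 9.6.1-P1", "9.6.1-P2", "9.5.2", "9.7.0b2",
                   "9.7.0", "9.3.6-P1", "9.8.0"]:
        print(f"{sample:15} {status(sample)}")
```

Distribution package strings such as an RPM version-release are rejected on purpose, because a vendor build can carry fixes that the upstream number does not show; for Mandriva systems, compare the installed package against the Updated Packages list instead.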