lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.02.1509021240280.15575@connie.slackware.com>
Date: Wed, 2 Sep 2015 12:40:43 -0700 (PDT)
From: Slackware Security Team <security@...ckware.com>
To: slackware-security@...ckware.com
Subject: [slackware-security]  bind (SSA:2015-245-01)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  bind (SSA:2015-245-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bind-9.9.7_P3-i486-1_slack14.1.txz:  Upgraded.
  This update fixes two denial-of-service vulnerabilities:
  + CVE-2015-5722 is a denial-of-service vector which can be
  exploited remotely against a BIND server that is performing
  validation on DNSSEC-signed records.  Validating recursive
  resolvers are at the greatest risk from this defect, but it has not
  been ruled out that it could be exploited against an
  authoritative-only nameserver under limited conditions.  Servers
  that are not performing validation are not vulnerable.  However,
  ISC does not recommend disabling validation as a workaround to
  this issue as it exposes the server to other types of attacks.
  Upgrading to the patched versions is the recommended solution.
  All versions of BIND since 9.0.0 are vulnerable to CVE-2015-5722.
  + CVE-2015-5986 is a denial-of-service vector which can be used
  against a BIND server that is performing recursion.  Validation
  is not required.  Recursive resolvers are at the greatest risk
  from this defect, but it has not been ruled out that it could
  be exploited against an authoritative-only nameserver under
  limited conditions.
  Only versions of BIND since 9.9.7 and 9.10.2 are vulnerable to
  CVE-2015-5986.
  For more information, see:
    https://kb.isc.org/article/AA-01287/0
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722
    https://kb.isc.org/article/AA-01291/0
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5986
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.7_P3-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.7_P3-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.7_P3-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.7_P3-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.7_P3-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.7_P3-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.7_P3-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.2_P4-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.2_P4-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
627f6c6827eca24776d790166801de25  bind-9.9.7_P3-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
49082f50322af84efe8d91459599b837  bind-9.9.7_P3-x86_64-1_slack13.0.txz

Slackware 13.1 package:
4dd375df46e84dbecb9f296e2fec692a  bind-9.9.7_P3-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
90b4376b145544d9a63c28dcb891ca47  bind-9.9.7_P3-x86_64-1_slack13.1.txz

Slackware 13.37 package:
181ce9e11eb9d909c5c06b8ddd5bb1b5  bind-9.9.7_P3-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
368f7a3b977865b0132bdcd129e70813  bind-9.9.7_P3-x86_64-1_slack13.37.txz

Slackware 14.0 package:
3bb80a54fb5d0f76d17ef33cf06a074d  bind-9.9.7_P3-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
d77b36e48e2c033ffa9d99816979304f  bind-9.9.7_P3-x86_64-1_slack14.0.txz

Slackware 14.1 package:
ada9c70208885b4c7904364e040360f9  bind-9.9.7_P3-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
a78fbe27ba2834d2918fa26ce96d5083  bind-9.9.7_P3-x86_64-1_slack14.1.txz

Slackware -current package:
450614c08d5fac56c8d2701394d1af50  n/bind-9.10.2_P4-i586-1.txz

Slackware x86_64 -current package:
32e680d6bce8dac3ad5ba54958f68f95  n/bind-9.10.2_P4-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bind-9.9.7_P3-i486-1_slack14.1.txz

Then, restart the name server:

# /etc/rc.d/rc.bind restart


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@...ckware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@...ckware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlXnUB8ACgkQakRjwEAQIjMnxgCcCrkYYPSYOcWYp0mhWrB+v9lF
GJYAn32randcfWLPU+x9Gm79MKXTh0uI
=7I5+
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ