lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1IDoFI-0006pn-QX@artemis.annvix.ca>
Date: Wed, 25 Jul 2007 15:18:12 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:149 ] - Updated BIND9 packages fix
	vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:149
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : bind
 Date    : December 31, 1969
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 The DNS query id generation code in BIND9 is vulnerable to
 cryptographic analysis which provides a 1-in-8 change of guessing the
 next query ID for 50% of the query IDs, which could be used by a remote
 attacker to perform cache poisoning by an attacker (CVE-2007-2926).
 
 As well, in BIND9 9.4.x, the default ACLs were note being correctly
 set, which could allow anyone to make recursive queries and/or query
 the cache contents (CVE-2007-2925).
 
 This update provides packages which are patched to prevent these
 issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
 http://www.isc.org/index.pl?/sw/bind/bind-security.php
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 2ebbd9a8148b7b4f05d255724627e348  2007.0/i586/bind-9.3.2-8.3mdv2007.0.i586.rpm
 386aa2bab5b3e23cb0c6f19bc17b0cd5  2007.0/i586/bind-devel-9.3.2-8.3mdv2007.0.i586.rpm
 d8e4b592f2d0fa630e32c23c50ab2565  2007.0/i586/bind-utils-9.3.2-8.3mdv2007.0.i586.rpm 
 557c41948b1ff0e4f329e2592c0dcb9f  2007.0/SRPMS/bind-9.3.2-8.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 7fe09bf456f8a4d83ee7e4caad08b791  2007.0/x86_64/bind-9.3.2-8.3mdv2007.0.x86_64.rpm
 e5d4a371c47e6a6f6567c454766ea734  2007.0/x86_64/bind-devel-9.3.2-8.3mdv2007.0.x86_64.rpm
 5a41c963b1e5fab7515856f14ec4c3c4  2007.0/x86_64/bind-utils-9.3.2-8.3mdv2007.0.x86_64.rpm 
 557c41948b1ff0e4f329e2592c0dcb9f  2007.0/SRPMS/bind-9.3.2-8.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 c5edcec0bc385a1a2c717963b0f15dc0  2007.1/i586/bind-9.4.1-0.2mdv2007.1.i586.rpm
 9c579fed148a85a852b73828613cafde  2007.1/i586/bind-devel-9.4.1-0.2mdv2007.1.i586.rpm
 9a761cb0c7128b83522934b2d9cc2dfc  2007.1/i586/bind-utils-9.4.1-0.2mdv2007.1.i586.rpm 
 af14ae7948a33b1bf21d9bcafbf0e98e  2007.1/SRPMS/bind-9.4.1-0.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 7a612949e7810f83e1322a574be9500c  2007.1/x86_64/bind-9.4.1-0.2mdv2007.1.x86_64.rpm
 ece5e802b3d5928999c34b1f9c95dfc8  2007.1/x86_64/bind-devel-9.4.1-0.2mdv2007.1.x86_64.rpm
 b3ccec62bfc5d07b9858f04ce8de8fd1  2007.1/x86_64/bind-utils-9.4.1-0.2mdv2007.1.x86_64.rpm 
 af14ae7948a33b1bf21d9bcafbf0e98e  2007.1/SRPMS/bind-9.4.1-0.2mdv2007.1.src.rpm

 Corporate 3.0:
 d0dae82e4a5f3e1e4c13c8886daa7e7b  corporate/3.0/i586/bind-9.2.3-6.4.C30mdk.i586.rpm
 237a8a3b0d0f3407a93a7f308eb7ac06  corporate/3.0/i586/bind-devel-9.2.3-6.4.C30mdk.i586.rpm
 abcf17e76c7cdf8ec8e6bbef2adfd79c  corporate/3.0/i586/bind-utils-9.2.3-6.4.C30mdk.i586.rpm 
 bf83bec867df0283d4977e50b8a51a09  corporate/3.0/SRPMS/bind-9.2.3-6.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 1394468eeb12fb9c2c52147eb1637a83  corporate/3.0/x86_64/bind-9.2.3-6.4.C30mdk.x86_64.rpm
 cd488003e8eb7174aa844896ace756f2  corporate/3.0/x86_64/bind-devel-9.2.3-6.4.C30mdk.x86_64.rpm
 f2fb153097f51bc2e99e31051b8b83cb  corporate/3.0/x86_64/bind-utils-9.2.3-6.4.C30mdk.x86_64.rpm 
 bf83bec867df0283d4977e50b8a51a09  corporate/3.0/SRPMS/bind-9.2.3-6.4.C30mdk.src.rpm

 Corporate 4.0:
 324fe3327eada40144bf44b4a31ba869  corporate/4.0/i586/bind-9.3.2-7.3.20060mlcs4.i586.rpm
 c2f1b22c3edd38f9a8c87d96ca36b271  corporate/4.0/i586/bind-devel-9.3.2-7.3.20060mlcs4.i586.rpm
 6f1cc8352c44a5ecf3affaf86981d505  corporate/4.0/i586/bind-utils-9.3.2-7.3.20060mlcs4.i586.rpm 
 e36c4caca840fb114238bffa3875e8a5  corporate/4.0/SRPMS/bind-9.3.2-7.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 c7a8dfd717b9a09d8dc41a3cb965dc5b  corporate/4.0/x86_64/bind-9.3.2-7.3.20060mlcs4.x86_64.rpm
 138e7372d556d5d9e4752fd8b0f2a51f  corporate/4.0/x86_64/bind-devel-9.3.2-7.3.20060mlcs4.x86_64.rpm
 bea2637f03f65bb5348518be66829d73  corporate/4.0/x86_64/bind-utils-9.3.2-7.3.20060mlcs4.x86_64.rpm 
 e36c4caca840fb114238bffa3875e8a5  corporate/4.0/SRPMS/bind-9.3.2-7.3.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 518dcd7390cbb5e05d2303ca1743c793  mnf/2.0/i586/bind-9.2.3-6.4.M20mdk.i586.rpm
 22b28fe7739525ac2fe596a522473c32  mnf/2.0/i586/bind-devel-9.2.3-6.4.M20mdk.i586.rpm
 a6cb4e78f4f0f59a173ac58abd50011c  mnf/2.0/i586/bind-utils-9.2.3-6.4.M20mdk.i586.rpm 
 00a33a7531bbf5bad6d74bb9f3978a78  mnf/2.0/SRPMS/bind-9.2.3-6.4.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGp5JimqjQ0CJFipgRAqD6AJ9OTBYJpKC/KgUUCTznXm0MpPuWTQCfcVP9
ZQO+2o8wd82rf9m4/arm09M=
=vTH7
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ