[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MWG8z-0001eA-ID@titan.mandriva.com>
Date: Wed, 29 Jul 2009 22:53:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:181 ] bind
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:181
http://www.mandriva.com/security/
_______________________________________________________________________
Package : bind
Date : July 29, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in ISC BIND:
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4
before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when
configured as a master server, allows remote attackers to cause
a denial of service (assertion failure and daemon exit) via an ANY
record in the prerequisite section of a crafted dynamic update message,
as exploited in the wild in July 2009 (CVE-2009-0696).
This update provides fixes for this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
https://www.isc.org/node/474
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
e6954e8c6ec43b4c6a142e25db1ee607 2008.1/i586/bind-9.5.0-3.4mdv2008.1.i586.rpm
81e0917fe1690770b1a975e54a400a44 2008.1/i586/bind-devel-9.5.0-3.4mdv2008.1.i586.rpm
cb4f4760ce0c1c1bd043ef4a13d1f101 2008.1/i586/bind-doc-9.5.0-3.4mdv2008.1.i586.rpm
392f91ef627ecc26ac42cfc2f5834ecf 2008.1/i586/bind-utils-9.5.0-3.4mdv2008.1.i586.rpm
1172f4549217df6e70ee0efa6160b718 2008.1/SRPMS/bind-9.5.0-3.4mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
e655a1b5bc45d99866fa8955417daf8a 2008.1/x86_64/bind-9.5.0-3.4mdv2008.1.x86_64.rpm
caacb8c2054722652a7f3ee052529b52 2008.1/x86_64/bind-devel-9.5.0-3.4mdv2008.1.x86_64.rpm
675ed9b7e36c82830974231143d48e54 2008.1/x86_64/bind-doc-9.5.0-3.4mdv2008.1.x86_64.rpm
4ca2b9b2fee2d3d1ba713e99e35e56a4 2008.1/x86_64/bind-utils-9.5.0-3.4mdv2008.1.x86_64.rpm
1172f4549217df6e70ee0efa6160b718 2008.1/SRPMS/bind-9.5.0-3.4mdv2008.1.src.rpm
Mandriva Linux 2009.0:
2265c306b34a926e8c4b63f310ca4318 2009.0/i586/bind-9.5.0-6.4mdv2009.0.i586.rpm
1dae5953fc557b5a88679e37f590e287 2009.0/i586/bind-devel-9.5.0-6.4mdv2009.0.i586.rpm
b82af709c2801f4d111cc5a295806929 2009.0/i586/bind-doc-9.5.0-6.4mdv2009.0.i586.rpm
0bba8fe3d466765c3d163963e33dcd1c 2009.0/i586/bind-utils-9.5.0-6.4mdv2009.0.i586.rpm
3bf489be108ec7613f0de79b5771980c 2009.0/SRPMS/bind-9.5.0-6.4mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
b571f86841123623cbdb3dadee4e6d40 2009.0/x86_64/bind-9.5.0-6.4mdv2009.0.x86_64.rpm
e49c9641971fdab0686e41e5c66dfa28 2009.0/x86_64/bind-devel-9.5.0-6.4mdv2009.0.x86_64.rpm
4e836a0efeb07fa84321ddb4d79fa214 2009.0/x86_64/bind-doc-9.5.0-6.4mdv2009.0.x86_64.rpm
91cfe29ee1fc761bd061c014419a98a1 2009.0/x86_64/bind-utils-9.5.0-6.4mdv2009.0.x86_64.rpm
3bf489be108ec7613f0de79b5771980c 2009.0/SRPMS/bind-9.5.0-6.4mdv2009.0.src.rpm
Mandriva Linux 2009.1:
1574e7cbe3f99be7528a5a4bba0b3c36 2009.1/i586/bind-9.6.0-5.1mdv2009.1.i586.rpm
997bcefef70cfc0fd64de97d475bd8ef 2009.1/i586/bind-devel-9.6.0-5.1mdv2009.1.i586.rpm
d7d97138aa182a78ede02ce936ec621e 2009.1/i586/bind-doc-9.6.0-5.1mdv2009.1.i586.rpm
64efbfdb6205e36d0d82e4c46f888933 2009.1/i586/bind-utils-9.6.0-5.1mdv2009.1.i586.rpm
f64f798351976a450ba3756dd0fea502 2009.1/SRPMS/bind-9.6.0-5.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
7b2b3a7e9ffd634066da56b16f48c5ad 2009.1/x86_64/bind-9.6.0-5.1mdv2009.1.x86_64.rpm
6ce05498dcb76c23822cd15f0d9817d0 2009.1/x86_64/bind-devel-9.6.0-5.1mdv2009.1.x86_64.rpm
60f42f942cea6b39807ffafe64ae9648 2009.1/x86_64/bind-doc-9.6.0-5.1mdv2009.1.x86_64.rpm
1ed29f65cfe371a0770ac4e08d15c595 2009.1/x86_64/bind-utils-9.6.0-5.1mdv2009.1.x86_64.rpm
f64f798351976a450ba3756dd0fea502 2009.1/SRPMS/bind-9.6.0-5.1mdv2009.1.src.rpm
Corporate 3.0:
22fbe7ff4f3a62c34130d41cdfe17440 corporate/3.0/i586/bind-9.2.3-6.8.C30mdk.i586.rpm
9a60dfe70446c27a570746495e454855 corporate/3.0/i586/bind-devel-9.2.3-6.8.C30mdk.i586.rpm
29c99438058a46b60922d5c15c1f5369 corporate/3.0/i586/bind-utils-9.2.3-6.8.C30mdk.i586.rpm
18203a5552b8762360078ca0b6508536 corporate/3.0/SRPMS/bind-9.2.3-6.8.C30mdk.src.rpm
Corporate 3.0/X86_64:
7510ae88d8625a3172dfd26e8873fd8d corporate/3.0/x86_64/bind-9.2.3-6.8.C30mdk.x86_64.rpm
fabf1e537f98e0de07912a6c60f2f648 corporate/3.0/x86_64/bind-devel-9.2.3-6.8.C30mdk.x86_64.rpm
21ee584f94d252b6ff6d9ea89c61abb1 corporate/3.0/x86_64/bind-utils-9.2.3-6.8.C30mdk.x86_64.rpm
18203a5552b8762360078ca0b6508536 corporate/3.0/SRPMS/bind-9.2.3-6.8.C30mdk.src.rpm
Corporate 4.0:
3e3e68b286742686c972aecff9a821f7 corporate/4.0/i586/bind-9.3.5-0.7.20060mlcs4.i586.rpm
e56467e964a808c4ba84ac5b59dd6424 corporate/4.0/i586/bind-devel-9.3.5-0.7.20060mlcs4.i586.rpm
8a01ede152e11e28b4e1db96b562c046 corporate/4.0/i586/bind-utils-9.3.5-0.7.20060mlcs4.i586.rpm
116ed44cd0dd21258aa7824e9a660bc4 corporate/4.0/SRPMS/bind-9.3.5-0.7.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
4efab5c2fb9acd53199f9730fde4d56d corporate/4.0/x86_64/bind-9.3.5-0.7.20060mlcs4.x86_64.rpm
bacca9e65e9940c5faa0d5d8c6e2b8aa corporate/4.0/x86_64/bind-devel-9.3.5-0.7.20060mlcs4.x86_64.rpm
4ee28311421e5a715d7494eab41d486b corporate/4.0/x86_64/bind-utils-9.3.5-0.7.20060mlcs4.x86_64.rpm
116ed44cd0dd21258aa7824e9a660bc4 corporate/4.0/SRPMS/bind-9.3.5-0.7.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
c595df5d7837f1e2fa28c741dcb0b073 mes5/i586/bind-9.5.0-6.4mdvmes5.i586.rpm
53f5197e2ff0adb2590f796813a843bd mes5/i586/bind-devel-9.5.0-6.4mdvmes5.i586.rpm
267c0a8de1771e35f575869cc9296fbf mes5/i586/bind-doc-9.5.0-6.4mdvmes5.i586.rpm
fd370574fcbab1d29a263b2984e84992 mes5/i586/bind-utils-9.5.0-6.4mdvmes5.i586.rpm
662f581bbcb2769ae7592dcdfa89338b mes5/SRPMS/bind-9.5.0-6.4mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
71c58946ec1a3e1c97abf95956e2bbd5 mes5/x86_64/bind-9.5.0-6.4mdvmes5.x86_64.rpm
4c2a8234aaef6d6d6a38f68c121360f6 mes5/x86_64/bind-devel-9.5.0-6.4mdvmes5.x86_64.rpm
80f122911d2b83b12e45c83c7733cde8 mes5/x86_64/bind-doc-9.5.0-6.4mdvmes5.x86_64.rpm
c305c929f1bbb0007c7d6480d8d7a184 mes5/x86_64/bind-utils-9.5.0-6.4mdvmes5.x86_64.rpm
662f581bbcb2769ae7592dcdfa89338b mes5/SRPMS/bind-9.5.0-6.4mdvmes5.src.rpm
Multi Network Firewall 2.0:
8cce4c7c205c4bed1d745583d0aa6727 mnf/2.0/i586/bind-9.2.3-6.8.C30mdk.i586.rpm
cab4d48d43a88546914e40d91c2024ec mnf/2.0/i586/bind-devel-9.2.3-6.8.C30mdk.i586.rpm
bc1ed470759bf793159cfc7ac966c661 mnf/2.0/i586/bind-utils-9.2.3-6.8.C30mdk.i586.rpm
e4a352e32611c30df4ba2a5154ff9ab2 mnf/2.0/SRPMS/bind-9.2.3-6.8.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKcIiHmqjQ0CJFipgRAiITAJ9w9mLoi0MUZpc8uTCL44E9JvJU4wCgm1D3
b1R19QdVVKyTws4xZhfaesw=
=WzGU
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists