lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PSak9-0004lY-15@titan.mandriva.com>
Date: Tue, 14 Dec 2010 20:41:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:253 ] bind

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:253
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : bind
 Date    : December 14, 2010
 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in bind:
 
 named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3,
 and 9.7.x before 9.7.2-P3 does not properly handle the combination
 of signed negative responses and corresponding RRSIG records in the
 cache, which allows remote attackers to cause a denial of service
 (daemon crash) via a query for cached data (CVE-2010-3613).
 
 named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3,
 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not
 properly determine the security status of an NS RRset during a DNSKEY
 algorithm rollover, which might allow remote attackers to cause a
 denial of service (DNSSEC validation error) by triggering a rollover
 (CVE-2010-3614).
 
 ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does
 not properly handle certain bad signatures if multiple trust anchors
 exist for a single zone, which allows remote attackers to cause a
 denial of service (daemon crash) via a DNS query (CVE-2010-3762).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages for Corporate Server 4.0 has been patched to
 address these issues.
 
 The updated packages for Mandriva Linux 2009.0, 2010.0 and Mandriva
 Linux Enterprise Server 5.1 has been upgraded to bind-9.6.2-P3 and
 patched to address the CVE-2010-3762 security issue.
 
 The updated packages for Mandriva Linux 2010.1 has been upgraded to
 bind-9.7.2-P3 which is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3762
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 c244e578f17c88632203ae229e930319  2009.0/i586/bind-9.6.2-0.2mdv2009.0.i586.rpm
 7394a97fb84683afd1e99643be659dbe  2009.0/i586/bind-devel-9.6.2-0.2mdv2009.0.i586.rpm
 d4ec2420805067df8e5dfa615253d9d5  2009.0/i586/bind-doc-9.6.2-0.2mdv2009.0.i586.rpm
 49b9e3f63f5cb5e4f17f1d471c96693d  2009.0/i586/bind-utils-9.6.2-0.2mdv2009.0.i586.rpm 
 de6adf490a34d59d2a5478b13d1fcae6  2009.0/SRPMS/bind-9.6.2-0.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 f100a5d94b32d4ea354010205dd61c95  2009.0/x86_64/bind-9.6.2-0.2mdv2009.0.x86_64.rpm
 0b7d2dec10b7d523225c8fc072942a3f  2009.0/x86_64/bind-devel-9.6.2-0.2mdv2009.0.x86_64.rpm
 4762a0979b196d4fe2f9ec597b9bab17  2009.0/x86_64/bind-doc-9.6.2-0.2mdv2009.0.x86_64.rpm
 11a3f380c29d0167305a14789f0a1342  2009.0/x86_64/bind-utils-9.6.2-0.2mdv2009.0.x86_64.rpm 
 de6adf490a34d59d2a5478b13d1fcae6  2009.0/SRPMS/bind-9.6.2-0.2mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 26070dd85164e6a55d525b0911d8a5b9  2010.0/i586/bind-9.6.2-0.2mdv2010.0.i586.rpm
 3462f0f35c63e10bc7c434c41ed920ed  2010.0/i586/bind-devel-9.6.2-0.2mdv2010.0.i586.rpm
 e9de811a81102bb59e88f0203c2d6c2f  2010.0/i586/bind-doc-9.6.2-0.2mdv2010.0.i586.rpm
 74bf83c6d618bee1a271dfb4b5fe90d9  2010.0/i586/bind-utils-9.6.2-0.2mdv2010.0.i586.rpm 
 66fa1bdf42920a011ce35fadfa8599ec  2010.0/SRPMS/bind-9.6.2-0.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 8d5dfbfed95fcde4f4e1f7f55d843d53  2010.0/x86_64/bind-9.6.2-0.2mdv2010.0.x86_64.rpm
 c924c51f720f698392acc9499b279574  2010.0/x86_64/bind-devel-9.6.2-0.2mdv2010.0.x86_64.rpm
 4b9f532080b0235765892643c26b3b34  2010.0/x86_64/bind-doc-9.6.2-0.2mdv2010.0.x86_64.rpm
 4c49ead6f31cb62620ecad95ac347ce5  2010.0/x86_64/bind-utils-9.6.2-0.2mdv2010.0.x86_64.rpm 
 66fa1bdf42920a011ce35fadfa8599ec  2010.0/SRPMS/bind-9.6.2-0.2mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 c602faaa5ecf406a50c1d54e213b005f  2010.1/i586/bind-9.7.2-0.1mdv2010.1.i586.rpm
 0c0fb39f374e7bff06bcd41f0620f1b5  2010.1/i586/bind-devel-9.7.2-0.1mdv2010.1.i586.rpm
 36beded6f33d63195c49e5acc60fab0c  2010.1/i586/bind-doc-9.7.2-0.1mdv2010.1.i586.rpm
 90f759a7980f943a9d523474fa24579d  2010.1/i586/bind-utils-9.7.2-0.1mdv2010.1.i586.rpm 
 5c5652897cdac3de831240c456133b1f  2010.1/SRPMS/bind-9.7.2-0.1mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 6d0b4ae6a7c1dca2be5e9be73e7eda07  2010.1/x86_64/bind-9.7.2-0.1mdv2010.1.x86_64.rpm
 6eb3a612e530882ef3f11afaf6b9ec87  2010.1/x86_64/bind-devel-9.7.2-0.1mdv2010.1.x86_64.rpm
 9f20502ce9b0c2ab21365599cc9f4ceb  2010.1/x86_64/bind-doc-9.7.2-0.1mdv2010.1.x86_64.rpm
 edd121e4fa630341dac046eadc16cc53  2010.1/x86_64/bind-utils-9.7.2-0.1mdv2010.1.x86_64.rpm 
 5c5652897cdac3de831240c456133b1f  2010.1/SRPMS/bind-9.7.2-0.1mdv2010.1.src.rpm

 Corporate 4.0:
 d9db6823d848635aab7d6d921a9ebaf4  corporate/4.0/i586/bind-9.4.3-0.3.20060mlcs4.i586.rpm
 f7094ed0272958e9720eaabff0aafd83  corporate/4.0/i586/bind-devel-9.4.3-0.3.20060mlcs4.i586.rpm
 da816b14327efc578e4b0d101241581d  corporate/4.0/i586/bind-utils-9.4.3-0.3.20060mlcs4.i586.rpm 
 b97e6cf67d71523d5e33632753f35f02  corporate/4.0/SRPMS/bind-9.4.3-0.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 d053173af842b307695607d452225b35  corporate/4.0/x86_64/bind-9.4.3-0.3.20060mlcs4.x86_64.rpm
 7a5300f1416dc460b83a40e414c764d6  corporate/4.0/x86_64/bind-devel-9.4.3-0.3.20060mlcs4.x86_64.rpm
 6d7f188606387b45595bb3ec21df8737  corporate/4.0/x86_64/bind-utils-9.4.3-0.3.20060mlcs4.x86_64.rpm 
 b97e6cf67d71523d5e33632753f35f02  corporate/4.0/SRPMS/bind-9.4.3-0.3.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 18c0520c2d8735774fe47228a8c54431  mes5/i586/bind-9.6.2-0.2mdvmes5.1.i586.rpm
 9704ba9bb67980d9863156ef9b25b40e  mes5/i586/bind-devel-9.6.2-0.2mdvmes5.1.i586.rpm
 944c833994bee486555c9800e818012e  mes5/i586/bind-doc-9.6.2-0.2mdvmes5.1.i586.rpm
 7a79ab5505f2eecdd19ecadfd815da72  mes5/i586/bind-utils-9.6.2-0.2mdvmes5.1.i586.rpm 
 0b5fcb3ae14aecb82b6ed5b96620e43e  mes5/SRPMS/bind-9.6.2-0.2mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 c854520bb790fc3fdbefdfb996a17ec5  mes5/x86_64/bind-9.6.2-0.2mdvmes5.1.x86_64.rpm
 5326c0f0f80115d75174dbb4e200e505  mes5/x86_64/bind-devel-9.6.2-0.2mdvmes5.1.x86_64.rpm
 e181f7817735b9ac929f103719d815f2  mes5/x86_64/bind-doc-9.6.2-0.2mdvmes5.1.x86_64.rpm
 b87c781974853007429b7ce6801fbf5f  mes5/x86_64/bind-utils-9.6.2-0.2mdvmes5.1.x86_64.rpm 
 0b5fcb3ae14aecb82b6ed5b96620e43e  mes5/SRPMS/bind-9.6.2-0.2mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNB5famqjQ0CJFipgRAvVVAKDRz+ErWGSYv2Zlit5z2vYxC1oy5gCgv+sZ
KzGENR8HDB+JHGGJvvGlKKo=
=lmTu
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ