lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1298482715.28687.31.camel@localhost>
Date: Wed, 23 Feb 2011 12:38:35 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-1070-1] Bind vulnerability

===========================================================
Ubuntu Security Notice USN-1070-1         February 23, 2011
bind9 vulnerability
CVE-2011-0414
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  libdns66                        1:9.7.1.dfsg.P2-2ubuntu0.2

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Bind incorrectly handled IXFR transfers and dynamic
updates while under heavy load when used as an authoritative server. A
remote attacker could use this flaw to cause Bind to stop responding,
resulting in a denial of service.


Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.7.1.dfsg.P2-2ubuntu0.2.debian.tar.gz
      Size/MD5:   633590 e359965f4d7402e02408085af4a4cd32
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.7.1.dfsg.P2-2ubuntu0.2.dsc
      Size/MD5:     2292 423f576862de791b97edf37e95750309
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.7.1.dfsg.P2.orig.tar.gz
      Size/MD5:  6104039 a09aab2a215166e37b741d78d776dfbc

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.7.1.dfsg.P2-2ubuntu0.2_all.deb
      Size/MD5:   330324 8286b192fe1a5df9988c972c93ceb026
    http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/host_9.7.1.dfsg.P2-2ubuntu0.2_all.deb
      Size/MD5:    17476 1792e7eaad32245086d117c710439e44

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.7.1.dfsg.P2-2ubuntu0.2_amd64.deb
      Size/MD5:    69730 1c8a0a8b98b217eb83310d1821b1cc1c
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.7.1.dfsg.P2-2ubuntu0.2_amd64.deb
      Size/MD5:   349738 9037f4a622bb56df6a32d6fadce4a73e
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9utils_9.7.1.dfsg.P2-2ubuntu0.2_amd64.deb
      Size/MD5:   120940 ef17428138445b9369d12d2fef74eba7
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.7.1.dfsg.P2-2ubuntu0.2_amd64.deb
      Size/MD5:   161304 f7840374de1936fdca7056c0d20449b1
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.7.1.dfsg.P2-2ubuntu0.2_amd64.deb
      Size/MD5:  1493092 5eab9a20c300e9e6ac98ab1a99de51f9
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-60_9.7.1.dfsg.P2-2ubuntu0.2_amd64.deb
      Size/MD5:    37084 e0017c6639f8909bfe7e9b77c5c050d7
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns66_9.7.1.dfsg.P2-2ubuntu0.2_amd64.deb
      Size/MD5:   696296 ea1473ba2cad636caaed3a3b65360469
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc60_9.7.1.dfsg.P2-2ubuntu0.2_amd64.deb
      Size/MD5:   169634 4a98361ade04085c3de155b52ac8481d
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc60_9.7.1.dfsg.P2-2ubuntu0.2_amd64.deb
      Size/MD5:    31444 12c3dcc49f830df8c120f2b6ae61f827
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg60_9.7.1.dfsg.P2-2ubuntu0.2_amd64.deb
      Size/MD5:    54622 49e4a44091a9e4358f8e6d6e8a3ab8cc
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres60_9.7.1.dfsg.P2-2ubuntu0.2_amd64.deb
      Size/MD5:    50068 0ec154c84f2ac697534443cae6525865
    http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.7.1.dfsg.P2-2ubuntu0.2_amd64.deb
      Size/MD5:   234890 45bbf3f44f097404731d6ae9f391dc30

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.7.1.dfsg.P2-2ubuntu0.2_i386.deb
      Size/MD5:    66282 7729872a7cc4d6a447dc13b7f6563609
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.7.1.dfsg.P2-2ubuntu0.2_i386.deb
      Size/MD5:   321106 56d1249fd1957643a45ceba86f40d8e4
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9utils_9.7.1.dfsg.P2-2ubuntu0.2_i386.deb
      Size/MD5:   111704 31cce7e333e0a7872b4d5d12d69bcf72
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.7.1.dfsg.P2-2ubuntu0.2_i386.deb
      Size/MD5:   150772 09938abe28594324b475749255eb4ea8
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.7.1.dfsg.P2-2ubuntu0.2_i386.deb
      Size/MD5:  1417262 dbf1cd20c2b4b10208d7eb9c751c1f1e
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-60_9.7.1.dfsg.P2-2ubuntu0.2_i386.deb
      Size/MD5:    37320 7b2e67dcec38c8af0d57a114562b7144
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns66_9.7.1.dfsg.P2-2ubuntu0.2_i386.deb
      Size/MD5:   654184 0729856ebed628cfbe7cc5d338552bba
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc60_9.7.1.dfsg.P2-2ubuntu0.2_i386.deb
      Size/MD5:   156582 416eb9b5ff48fef5968fa57a3199b1d9
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc60_9.7.1.dfsg.P2-2ubuntu0.2_i386.deb
      Size/MD5:    30010 0369a637c6d0833e7381293562604ebc
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg60_9.7.1.dfsg.P2-2ubuntu0.2_i386.deb
      Size/MD5:    47884 ef689385fe66b2dd42ba99c46a97ef4b
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres60_9.7.1.dfsg.P2-2ubuntu0.2_i386.deb
      Size/MD5:    48616 07c5e3eaac12cbb8ac5b9852bd9aed89
    http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.7.1.dfsg.P2-2ubuntu0.2_i386.deb
      Size/MD5:   221284 e939144f47f77187f8ca4c8d07c2645a

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.7.1.dfsg.P2-2ubuntu0.2_armel.deb
      Size/MD5:    68518 ecebf012ada2d2fe81bb5cc85ef7dd9a
    http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.7.1.dfsg.P2-2ubuntu0.2_armel.deb
      Size/MD5:   331622 db7d728046eb5666093da95229181bbb
    http://ports.ubuntu.com/pool/main/b/bind9/bind9utils_9.7.1.dfsg.P2-2ubuntu0.2_armel.deb
      Size/MD5:   112430 bee409ecb3342aeb1f9e9fa832b4307b
    http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.7.1.dfsg.P2-2ubuntu0.2_armel.deb
      Size/MD5:   157122 5b3ea1bf0358331c1232cd4bfc63e525
    http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.7.1.dfsg.P2-2ubuntu0.2_armel.deb
      Size/MD5:  1446262 e81d0993683a3cbbb5deadc319415468
    http://ports.ubuntu.com/pool/main/b/bind9/libbind9-60_9.7.1.dfsg.P2-2ubuntu0.2_armel.deb
      Size/MD5:    37296 05bce3c11513ae48dac282384b9f8ef2
    http://ports.ubuntu.com/pool/main/b/bind9/libdns66_9.7.1.dfsg.P2-2ubuntu0.2_armel.deb
      Size/MD5:   667836 3136961b68f1c87a7f9f80ed1df01277
    http://ports.ubuntu.com/pool/main/b/bind9/libisc60_9.7.1.dfsg.P2-2ubuntu0.2_armel.deb
      Size/MD5:   166214 db836c2ca7d367cbe50f19fa8ebd554d
    http://ports.ubuntu.com/pool/main/b/bind9/libisccc60_9.7.1.dfsg.P2-2ubuntu0.2_armel.deb
      Size/MD5:    29762 706b2de47ae03e24643b596b11acf8af
    http://ports.ubuntu.com/pool/main/b/bind9/libisccfg60_9.7.1.dfsg.P2-2ubuntu0.2_armel.deb
      Size/MD5:    47376 35e241d08173d2ddab95f1d04517decd
    http://ports.ubuntu.com/pool/main/b/bind9/liblwres60_9.7.1.dfsg.P2-2ubuntu0.2_armel.deb
      Size/MD5:    47504 9359b97549f8d2c7885a558305bda868
    http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.7.1.dfsg.P2-2ubuntu0.2_armel.deb
      Size/MD5:   232044 e953069ab11afd15feb7d3be4421ed71

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.7.1.dfsg.P2-2ubuntu0.2_powerpc.deb
      Size/MD5:    69828 6c9489b7b01d677de81a85202e0c084f
    http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.7.1.dfsg.P2-2ubuntu0.2_powerpc.deb
      Size/MD5:   338524 20afddc2becaea17f22a5fa977b9c9db
    http://ports.ubuntu.com/pool/main/b/bind9/bind9utils_9.7.1.dfsg.P2-2ubuntu0.2_powerpc.deb
      Size/MD5:   119356 15966a3e0edce568f4a49e0829c7a977
    http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.7.1.dfsg.P2-2ubuntu0.2_powerpc.deb
      Size/MD5:   160668 2cf63beb51141cddf08574d85571e8ff
    http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.7.1.dfsg.P2-2ubuntu0.2_powerpc.deb
      Size/MD5:  1390074 a71ce7daf9e242ae41ef23c5d76f444e
    http://ports.ubuntu.com/pool/main/b/bind9/libbind9-60_9.7.1.dfsg.P2-2ubuntu0.2_powerpc.deb
      Size/MD5:    37682 6c9e9817472f1e47a42dbadeb4e388a9
    http://ports.ubuntu.com/pool/main/b/bind9/libdns66_9.7.1.dfsg.P2-2ubuntu0.2_powerpc.deb
      Size/MD5:   672274 e1eed6b4d5f47ae35fdcafa58eec355e
    http://ports.ubuntu.com/pool/main/b/bind9/libisc60_9.7.1.dfsg.P2-2ubuntu0.2_powerpc.deb
      Size/MD5:   162448 daac152164e2b926eb153823cef58755
    http://ports.ubuntu.com/pool/main/b/bind9/libisccc60_9.7.1.dfsg.P2-2ubuntu0.2_powerpc.deb
      Size/MD5:    30732 ca150687d970df031330738aeb2e1670
    http://ports.ubuntu.com/pool/main/b/bind9/libisccfg60_9.7.1.dfsg.P2-2ubuntu0.2_powerpc.deb
      Size/MD5:    50676 a464f3130db836ec63d59b615a2b42ca
    http://ports.ubuntu.com/pool/main/b/bind9/liblwres60_9.7.1.dfsg.P2-2ubuntu0.2_powerpc.deb
      Size/MD5:    48938 d4bb6e119091033ed7a9b5d5d410fc42
    http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.7.1.dfsg.P2-2ubuntu0.2_powerpc.deb
      Size/MD5:   235280 d00611031e6cf113fa104721b828c8f4




Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ