lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1RRPu8-0005BA-Dv@titan.mandriva.com>
Date: Fri, 18 Nov 2011 15:59:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:176-2 ] bind

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2011:176-2
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : bind
 Date    : November 18, 2011
 Affected: 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in bind:
 
 Cache lookup could return RRSIG data associated with nonexistent
 records, leading to an assertion failure. [ISC RT #26590]
 (CVE-2011-4313).
 
 The updated packages have been upgraded to bind 9.7.4-P1 and 9.8.1-P1
 which is not vulnerable to this issue.

 Update:

 Packages provided for Mandriva Enterprise Server 5.2 and Mandriva
 Linux 2010.2 with the MDVSA-2011:176 and MDVSA-2011:176-1 advisory
 had wrong release numbers effectively preventing installation without
 excessive force due previous packaging mistakes. This advisory provides
 corrected packages to address the problem.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
 http://www.isc.org/software/bind/advisories/cve-2011-4313
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 f39bf36a6c1338c67750fdc06e6c9938  2010.1/i586/bind-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
 18ddb3de45d1803f42690d29f193ad51  2010.1/i586/bind-devel-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
 44a8b036db1c7658f40c6c29ca94a9b2  2010.1/i586/bind-doc-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
 f65351bd5fa6fc2e71e6985613f30a13  2010.1/i586/bind-utils-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm 
 77c232d55313bc0758a26ec95e1f2462  2010.1/SRPMS/bind-9.7.4-0.1.P1.1.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 921dc324393e6b72ec9af179636843a4  2010.1/x86_64/bind-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
 738901860b2e5a878338086e06ab62f7  2010.1/x86_64/bind-devel-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
 2091b711bf18faec158f2be894d3deed  2010.1/x86_64/bind-doc-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
 30da2bada8620c4f7e59db23924da8ee  2010.1/x86_64/bind-utils-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm 
 77c232d55313bc0758a26ec95e1f2462  2010.1/SRPMS/bind-9.7.4-0.1.P1.1.1mdv2010.2.src.rpm

 Mandriva Enterprise Server 5:
 73d2fef181508b237fc0d74a18c9fc4a  mes5/i586/bind-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
 ffe081e6ec682e94c1578d4f4c3f5afc  mes5/i586/bind-devel-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
 8aa53e66aaac5813521c637f300690aa  mes5/i586/bind-doc-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
 80adc93320f5aaabc031252a8e74a494  mes5/i586/bind-utils-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm 
 6e7372177265cf8aba76855f8577f333  mes5/SRPMS/bind-9.7.4-0.1.P1.1.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 81f88df7104598d1cecfaf07c20e539e  mes5/x86_64/bind-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
 e148d06c5e27c014974361a88bf6b66f  mes5/x86_64/bind-devel-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
 0deff4d64a7a0cfc2542d9a6a4539e8b  mes5/x86_64/bind-doc-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
 771f3758a10b8ef8c4a01ceaa6c6e4bc  mes5/x86_64/bind-utils-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm 
 6e7372177265cf8aba76855f8577f333  mes5/SRPMS/bind-9.7.4-0.1.P1.1.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOxkXwmqjQ0CJFipgRAp3YAJ0Xo94vNtFUfsTHI8kbQotHKJ5JFwCggLXg
w7F+KMFHmoO0i3407rWefGI=
=L8A3
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ