Message-Id: <E1W3pDg-00084T-I5@titan.mandriva.com>
Date: Thu, 16 Jan 2014 16:51:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2014:002 ] bind
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:002
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : bind
Date : January 16, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:

A vulnerability has been discovered and corrected in ISC BIND:

The query_findclosestnsec3 function in query.c in named in ISC
BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2,
and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause
a denial of service (INSIST assertion failure and daemon exit) via a
crafted DNS query to an authoritative nameserver that uses the NSEC3
signing feature (CVE-2014-0591).

The updated packages for Enterprise Server 5 have been patched to
correct this issue.

The updated packages for Business Server 1 have been upgraded to the
9.9.4-P2 version which is unaffected by this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591
https://kb.isc.org/article/AA-01078
https://kb.isc.org/article/AA-01085
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
f07d5f3ac358e1743df18afed1717a8e mes5/i586/bind-9.7.6-0.0.P4.0.4mdvmes5.2.i586.rpm
b4a3f965f352c259f96d8227cec681a7 mes5/i586/bind-devel-9.7.6-0.0.P4.0.4mdvmes5.2.i586.rpm
d0e1b881d0a194016cd9bf34a048d43a mes5/i586/bind-doc-9.7.6-0.0.P4.0.4mdvmes5.2.i586.rpm
8fb9e05df2d851d81c0389bc3c31da1d mes5/i586/bind-utils-9.7.6-0.0.P4.0.4mdvmes5.2.i586.rpm
84f05e71c5c8528b047f5e6a7369725d mes5/SRPMS/bind-9.7.6-0.0.P4.0.4mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
1b5dd9dd06157dd5c21cdf670bc3e797 mes5/x86_64/bind-9.7.6-0.0.P4.0.4mdvmes5.2.x86_64.rpm
b6f965498072c61f71edbb9da9fce67e mes5/x86_64/bind-devel-9.7.6-0.0.P4.0.4mdvmes5.2.x86_64.rpm
2f41ab96b58d6a65ebb1d57a09c154d6 mes5/x86_64/bind-doc-9.7.6-0.0.P4.0.4mdvmes5.2.x86_64.rpm
258a8571aa242fb3639e024f1d2de04c mes5/x86_64/bind-utils-9.7.6-0.0.P4.0.4mdvmes5.2.x86_64.rpm
84f05e71c5c8528b047f5e6a7369725d mes5/SRPMS/bind-9.7.6-0.0.P4.0.4mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
c7d43337e79c3df8b8d7d9c660980976 mbs1/x86_64/bind-9.9.4.P2-1.mbs1.x86_64.rpm
e661e92dd4d9303abb2dd02302e40d63 mbs1/x86_64/bind-devel-9.9.4.P2-1.mbs1.x86_64.rpm
1817848454e6f818f41a9af1470df044 mbs1/x86_64/bind-doc-9.9.4.P2-1.mbs1.noarch.rpm
ab9be5f0d0a4dd2f75a71320dd66583b mbs1/x86_64/bind-sdb-9.9.4.P2-1.mbs1.x86_64.rpm
b3b4f0118e1dcaf7da30a539288851aa mbs1/x86_64/bind-utils-9.9.4.P2-1.mbs1.x86_64.rpm
66f817dea364f1836b3157b7c5bb5936 mbs1/SRPMS/bind-9.9.4.P2-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type  Bits/KeyID      Date        User ID
pub   1024D/22458A98  2000-07-10  Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFS19PXmqjQ0CJFipgRAlvDAKCfB8gBJ4wSJZFwJ3r7Iye2VcTxNwCghMOe
WYOjvvewlxsdbQRo4CNrQ2o=
=nLE0
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
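
Added example (not part of the Mandriva advisory or of ISC's code): a small
checker that applies the affected-version ranges quoted in the Problem
Description to an upstream-style BIND version string. The function names, the
reading that the 9.6 and 9.7 branches have no fixed release listed, and the
sample strings in the comments are assumptions of this example.

```python
import re

# Fixed releases named in the advisory text, keyed by branch.
# Tuple order: (patch level, ESV "R" release, "-P" number).
FIXED = {
    "9.8": (6, 0, 2),       # 9.8.6-P2
    "9.9": (4, 0, 2),       # 9.9.4-P2
    "9.6-ESV": (0, 10, 2),  # 9.6-ESV-R10-P2
}
# Branches the advisory lists without a fixed release (assumed reading).
NO_FIX = {"9.6", "9.7"}

# Upstream ISC style only: 9.9.4, 9.9.4-P2, 9.6-ESV-R10-P2.
_VER = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(-ESV)?(?:-R(\d+))?(?:-P(\d+))?$")


def parse(version):
    """Return (branch, comparable tuple), or None if the string is not understood."""
    m = _VER.match(version.strip())
    if not m:
        return None
    major, minor, patch, esv, rel, p = m.groups()
    branch = f"{major}.{minor}" + (esv or "")
    return branch, (int(patch or 0), int(rel or 0), int(p or 0))


def affected(version):
    """True/False per the advisory's ranges; None for unparseable input.

    This only covers the version condition. The advisory also requires an
    authoritative server that uses NSEC3 signing, which is not checked here.
    """
    parsed = parse(version)
    if parsed is None:
        return None  # e.g. release candidates or distro-mangled strings
    branch, key = parsed
    if branch in NO_FIX:
        return True
    if branch in FIXED:
        return key < FIXED[branch]
    return False  # branch is not named in the advisory


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    for v in ("9.9.4-P1", "9.9.4-P2", "9.6-ESV-R10-P1", "9.7.6-P4", "9.9.4rc1"):
        print(f"{v:16} affected={affected(v)}")
```

The upstream version alone misreports backported fixes: the Enterprise Server 5
packages above stay on 9.7.6-P4 with a patch applied, so on that platform
compare the installed package release with the one listed in the advisory.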