Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[SECURITY] [DSA 1603-1] New bind9 packages fix cache poisoning
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 08 Jul 2008 19:03:12 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1603-1                  security () debian org
http://www.debian.org/security/                           Florian Weimer
July 08, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : bind9
Vulnerability  : DNS cache poisoning
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1447
CERT advisory  : VU#800113


Dan Kaminsky discovered that properties inherent to the DNS protocol
lead to practical DNS cache poisoning attacks.  Among other things,
successful attacks can lead to misdirected web traffic and email
rerouting.

This update changes Debian's BIND 9 packages to implement the
recommended countermeasure: UDP query source port randomization.  This
change increases the size of the space from which an attacker has to
guess values in a backwards-compatible fashion and makes successful
attacks significantly more difficult.

Note that this security update changes BIND network behavior in a
fundamental way, and the following steps are recommended to ensure a
smooth upgrade.


1. Make sure that your network configuration is compatible with source
port randomization.  If you guard your resolver with a stateless packet
filter, you may need to make sure that no non-DNS services listen on on
the 1024--65535 UDP port range and open it at the packet filter.  For
instance, packet filters based on etch's Linux 2.6.18 kernel only
support stateless filtering of IPv6 packets, and are therefore pose this
additional difficulty.  (If you use IPv4 with iptables and ESTABLISHED
rules, networking changes are likely not required.)

2. Install the BIND 9 upgrade, using "apt-get update" followed by
"apt-get install bind9".  Verify that the named process has been
restarted and answers recursive queries.  (If all queries result in
timeouts, this indicates that networking changes are necessary; see the
first step.)

3. Verify that source port randomization is active.  Check that the
/var/log/daemon.log file does not contain messages of the following
form

  named[6106]: /etc/bind/named.conf.options:28: using specific
    query-source port suppresses port randomization and can be insecure.

right after the "listening on IPv6 interface" and "listening on IPv4
interface" messages logged by BIND upon startup.  If these messages are
present, you should remove the indicated lines from the configuration,
or replace the port numbers contained within them with "*" sign (e.g.,
replace "port 53" with "port *").

For additional certainty, use tcpdump or some other network monitoring
tool to check for varying UDP source ports.  If there is a NAT device
in front of your resolver, make sure that it does not defeat the
effect of source port randomization.

4. If you cannot activate source port randomization, consider
configuring BIND 9 to forward queries to a resolver which can, possibly
over a VPN such as OpenVPN to create the necessary trusted network link.
(Use BIND's forward-only mode in this case.)


Other caching resolvers distributed by Debian (PowerDNS, MaraDNS,
Unbound) already employ source port randomization, and no updated
packages are needed.  BIND 9.5 up to and including version
1:9.5.0.dfsg-4 only implements a weak form of source port
randomization and needs to be updated as well.  For information on
BIND 8, see DSA-1604-1, and for the status of the libc stub resolver,
see DSA-1605-1.

The updated bind9 packages contain changes originally scheduled for
the next stable point release, including the changed IP address of
L.ROOT-SERVERS.NET (Debian bug #449148).

For the stable distribution (etch), this problem has been fixed in
version 9.3.4-2etch3.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your bind9 package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3.dsc
    Size/MD5 checksum:      897 aeb15f8babb1e6e38367b9f19fea87da
  http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4.orig.tar.gz
    Size/MD5 checksum:  4043577 198181d47c58a0a9c0265862cd5557b0
  http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3.diff.gz
    Size/MD5 checksum:   302126 521abea46b1104f2251cc398f30af303

Architecture independent packages:

  http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.3.4-2etch3_all.deb
    Size/MD5 checksum:   189560 46ff778db82d2e171d292ecac93ea9b6

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_alpha.deb
    Size/MD5 checksum:    98154 bbdbcd3d0840f5ffcf4eaddf5a8c253f
  http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_alpha.deb
    Size/MD5 checksum:  1407380 ca8995875e76a25de6f32a47f62ea876
  http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_alpha.deb
    Size/MD5 checksum:   226088 93100774ae6da891caf9fa27a2134cdf
  http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_alpha.deb
    Size/MD5 checksum:   112616 bca5dcca8abff15f4f9cc911f9f94818
  http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_alpha.deb
    Size/MD5 checksum:   322286 677fdcf8e9a8c272a08ed47a79e09209
  http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_alpha.deb
    Size/MD5 checksum:   190084 87d64554a1cdde9f58cc850f7d5961a1
  http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_alpha.deb
    Size/MD5 checksum:    96508 48ba9fc0e884f093e95988bd4e088b9c
  http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_alpha.deb
    Size/MD5 checksum:   564862 7b23948d7c741d4f287698d28385ce71
  http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_alpha.deb
    Size/MD5 checksum:   188742 5dd8024a9864137f4529785fcc9c9231
  http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_alpha.deb
    Size/MD5 checksum:   116534 2e7dc9ea95bae40dc396ff504abb03bb
  http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_alpha.deb
    Size/MD5 checksum:   115784 b961fd6c797a2d1422ae588bfc25ed9d

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_amd64.deb
    Size/MD5 checksum:   224294 4d33744bb92300b061cad41dd8de7ea5
  http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_amd64.deb
    Size/MD5 checksum:  1111932 e43ced7eae496d7835247a068bef4a66
  http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_amd64.deb
    Size/MD5 checksum:   190742 9e39ced5d3464594b9dda6ce683fc653
  http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_amd64.deb
    Size/MD5 checksum:   319008 e36a35983ebc5061e8669ef7f004a851
  http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_amd64.deb
    Size/MD5 checksum:   552414 c93c2863bddd5661010ae3472e210aa8
  http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_amd64.deb
    Size/MD5 checksum:    95922 f114eb76add0d7dabad1d082d38ccf08
  http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_amd64.deb
    Size/MD5 checksum:   117072 a70d1d96ea01aa24fb9642e09133824f
  http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_amd64.deb
    Size/MD5 checksum:   187646 70372cec3522356dcd00901ea64714d4
  http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_amd64.deb
    Size/MD5 checksum:   111270 6dc6edfcca9fecb28c7e66d31ab14a74
  http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_amd64.deb
    Size/MD5 checksum:   114722 905d0f9b7b5ebc0308c54158e71d03cc
  http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_amd64.deb
    Size/MD5 checksum:    96704 09d3c850f12a6c1f6eab4e800a118c87

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_arm.deb
    Size/MD5 checksum:   107888 b2ea4933e233a1af8dd1e5ee641999a2
  http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_arm.deb
    Size/MD5 checksum:   112714 27b1fde9b144cacb1ae06a441d7c5787
  http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_arm.deb
    Size/MD5 checksum:   116076 cafc3294083de02518ab5fe0f0488c3b
  http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_arm.deb
    Size/MD5 checksum:   532206 a005bdff779fed950e4750231d0184b2
  http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_arm.deb
    Size/MD5 checksum:   187364 72fdca60a20876be71b678028cefc316
  http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_arm.deb
    Size/MD5 checksum:    95752 bce98b259a2821d59f6e6b441b491d77
  http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_arm.deb
    Size/MD5 checksum:   182950 26a15d51a4e6f1ea1dda99ab4d3ea34c
  http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_arm.deb
    Size/MD5 checksum:   217686 97f538e27ab7c765b514a9ce59869a41
  http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_arm.deb
    Size/MD5 checksum:    95168 374d7f18915fc8eb6b775d272cf28f2e
  http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_arm.deb
    Size/MD5 checksum:  1074498 fdada51888027e9c3e89961b31a48ded
  http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_arm.deb
    Size/MD5 checksum:   311078 43d1c044b0cc81b072b8962ad3b8f019

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_hppa.deb
    Size/MD5 checksum:    96986 bba6d0a611b7088e284564b430f91405
  http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_hppa.deb
    Size/MD5 checksum:    97140 14f3dacd102208700660873637dea18b
  http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_hppa.deb
    Size/MD5 checksum:   185570 012eb78b091c0991988a95160df7d65d
  http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_hppa.deb
    Size/MD5 checksum:   115822 d717418b7ec770e5419e0941670eab19
  http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_hppa.deb
    Size/MD5 checksum:   543342 201331119c074430d503b68dc210e187
  http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_hppa.deb
    Size/MD5 checksum:  1258146 2f092d0708338d0a3ac8924218fee0d7
  http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_hppa.deb
    Size/MD5 checksum:   315070 bc8d94bec7b1c8cf80f64fb72d1f38e5
  http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_hppa.deb
    Size/MD5 checksum:   187942 1cd85afac13850d1807a5b50b9d3262f
  http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_hppa.deb
    Size/MD5 checksum:   114612 912dc2007ca7cb6097a3e6a4e98897e3
  http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_hppa.deb
    Size/MD5 checksum:   217378 49276452262a155ba17db2ad8c66e3e2
  http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_hppa.deb
    Size/MD5 checksum:   113466 428d268ce8ad5386c1af758ca4cff2ce

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_i386.deb
    Size/MD5 checksum:   106034 ce4d4a024472317185d4c6492b7d30df
  http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_i386.deb
    Size/MD5 checksum:   180292 1fd02a86a31b68a8db2407904495a0db
  http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_i386.deb
    Size/MD5 checksum:    94838 9dbc2734dd8b8bb7c3e7684faabea64e
  http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_i386.deb
    Size/MD5 checksum:   206330 a22fb6cb47d6e449007d665b9e6d8c52
  http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_i386.deb
    Size/MD5 checksum:   113162 b9bc5fa7f96313235a53ab6fd819b58b
  http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_i386.deb
    Size/MD5 checksum:   472708 9edfb07c186a93aea1a2e602e0ee6335
  http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_i386.deb
    Size/MD5 checksum:    94822 d2fc00416dc090a535b280f48eee7f46
  http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_i386.deb
    Size/MD5 checksum:   169930 47c43c9738afb7ed72618930dc702ed3
  http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_i386.deb
    Size/MD5 checksum:   296722 dd1979969210386fc36d119e19e12cc2
  http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_i386.deb
    Size/MD5 checksum:   996528 56db22ee21e053443e72ccd11a25181b
  http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_i386.deb
    Size/MD5 checksum:   110134 5491e4e33e43f1300840b62947690b7a

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_ia64.deb
    Size/MD5 checksum:   232052 eb9215cb2ba71ded815b4ca6f0ac0744
  http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_ia64.deb
    Size/MD5 checksum:    99978 ceee4c1dc16fdf2d7fefe1aee6d8dd85
  http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_ia64.deb
    Size/MD5 checksum:   393324 553b67ca638482db8e1586d231f03abe
  http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_ia64.deb
    Size/MD5 checksum:   740264 a30c98b25296a147d47d7f44c8418883
  http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_ia64.deb
    Size/MD5 checksum:   127606 33d62368c2ce437e660708eb6b0ffe2b
  http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_ia64.deb
    Size/MD5 checksum:   216344 0a0b33f34dbeb744bd8af8ad8388048f
  http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_ia64.deb
    Size/MD5 checksum:   125806 3aafce71b9e4ecaf01602c409a355b54
  http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_ia64.deb
    Size/MD5 checksum:  1584302 d982b4443c38056cdeb80b327ee36f3a
  http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_ia64.deb
    Size/MD5 checksum:   117782 ae8ae735a8054ff473d305b06c90c68a
  http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_ia64.deb
    Size/MD5 checksum:   102432 4443f6e43cc1e4c7448965a0501bfe54
  http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_ia64.deb
    Size/MD5 checksum:   280866 c20244c3a06177b934ac804b382b85c7

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_mips.deb
    Size/MD5 checksum:   174012 cf61e15aa7c79b40ae94a3c1d08ba496
  http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_mips.deb
    Size/MD5 checksum:   301476 4094fd919da162322ea07d62378cc664
  http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_mips.deb
    Size/MD5 checksum:   110326 be73e626902012ca986d4192804017e7
  http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_mips.deb
    Size/MD5 checksum:   180490 dde7f37a0a2456190461f5f26bf30ab6
  http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_mips.deb
    Size/MD5 checksum:  1229398 37af92bf5074d9a260fd4ff5346dc4b8
  http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_mips.deb
    Size/MD5 checksum:   211386 8083484e19ebc9099022954350c6baf7
  http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_mips.deb
    Size/MD5 checksum:    94992 46f858e2ed33a864539476d25bd9b44f
  http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_mips.deb
    Size/MD5 checksum:    94230 6bfa6b8d78c46567a341f6174f9aa874
  http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_mips.deb
    Size/MD5 checksum:   491862 fc2d747a29c0116da5936b4964ef8146
  http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_mips.deb
    Size/MD5 checksum:   113268 58fb17d2ee0415e13fdad4727534b6cc
  http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_mips.deb
    Size/MD5 checksum:   107912 5834642a56bb9548510f8cd0a3ae766f

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_mipsel.deb
    Size/MD5 checksum:   299514 0b5de102f7ddf83d497498b320613556
  http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_mipsel.deb
    Size/MD5 checksum:   488260 7b85b99ea5c24f74e531bbd9056672e9
  http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_mipsel.deb
    Size/MD5 checksum:  1205384 a3211957988d4aaae40776ff41cf6a01
  http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_mipsel.deb
    Size/MD5 checksum:   113016 dddd0a37c778cd68696318a7adc1abcd
  http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_mipsel.deb
    Size/MD5 checksum:   110254 6754bc57fcac807b5569531f7e821802
  http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_mipsel.deb
    Size/MD5 checksum:   174148 23e91bbb42a44ca80535079660813277
  http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_mipsel.deb
    Size/MD5 checksum:   179630 fa26c51aa248cb502ac54544bdd6ced0
  http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_mipsel.deb
    Size/MD5 checksum:   210904 21784fc7019a384e78ecc94a10f4e315
  http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_mipsel.deb
    Size/MD5 checksum:    94936 2068abe2f2e78675ad94ea28579efc87
  http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_mipsel.deb
    Size/MD5 checksum:   107166 2cfce41a4fc41aa9986cdef01e09705d
  http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_mipsel.deb
    Size/MD5 checksum:    94098 c95a157cfa3feef62450afdef3fe65a8

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_powerpc.deb
    Size/MD5 checksum:   173606 9618a781d59f94f751e18db86cf6b948
  http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_powerpc.deb
    Size/MD5 checksum:   112276 e786724068250eb53c475a3e51035d51
  http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_powerpc.deb
    Size/MD5 checksum:   113842 4961da1e75c17f3f00621acfc06d10fe
  http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_powerpc.deb
    Size/MD5 checksum:   488428 b777fc3fe13b319817f955f116b40e83
  http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_powerpc.deb
    Size/MD5 checksum:  1167832 75f402f7bf328da5deee364f4266558d
  http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_powerpc.deb
    Size/MD5 checksum:    96204 57ec688c7f24161e347054dc93fbd757
  http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_powerpc.deb
    Size/MD5 checksum:    96170 77d5b9189a05f2b3dca7901bff6e56df
  http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_powerpc.deb
    Size/MD5 checksum:   301276 dddf71278c1f4afbbc49019248f4328e
  http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_powerpc.deb
    Size/MD5 checksum:   109288 8fd2b3005fcf95e3616ec8a77b3ad322
  http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_powerpc.deb
    Size/MD5 checksum:   183310 b9eb85b58aaf29a3106d16410c0d379a
  http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_powerpc.deb
    Size/MD5 checksum:   206830 b286690dde8d1412c2de3fa99f7d3c5b

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_s390.deb
    Size/MD5 checksum:   114234 23a30b0e26db0210a1be48c4d44b6d7f
  http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_s390.deb
    Size/MD5 checksum:   331864 7c3fab929f1e29873ecfc7c7c4b52ddc
  http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_s390.deb
    Size/MD5 checksum:   116656 8abeeeb22e800f63e4b30e0c2dd974e0
  http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_s390.deb
    Size/MD5 checksum:  1137342 820a17acdc24ef1dd0c1db7b8e6fc470
  http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_s390.deb
    Size/MD5 checksum:   233948 635487d4e6ea4d15704bb14b8cf9236c
  http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_s390.deb
    Size/MD5 checksum:   196598 2198086ee8c358aa3ed5046708a31f45
  http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_s390.deb
    Size/MD5 checksum:   194704 c897d956b11161ae8e31e4bffb489883
  http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_s390.deb
    Size/MD5 checksum:   118140 e5e11d59852a32dcd1b78b4aabd22fff
  http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_s390.deb
    Size/MD5 checksum:    95664 050d558c3d06e520fb4e6c6cebd520c3
  http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_s390.deb
    Size/MD5 checksum:   579484 6fc80f5cde0c2d01b49ae53f027eeecc
  http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_s390.deb
    Size/MD5 checksum:    97786 5dda64259aa80e1c2e085e7fc2430299

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_sparc.deb
    Size/MD5 checksum:   300090 21095a9477d8db8bdbca300235ddc296
  http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_sparc.deb
    Size/MD5 checksum:   210606 8bd074b427b5f732c5584ca265bb2c28
  http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_sparc.deb
    Size/MD5 checksum:  1121664 2750abf3a8e3ffa54d1b15f6a5b6738e
  http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_sparc.deb
    Size/MD5 checksum:    94822 4e2634cf2561a237174a6863377b24cd
  http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_sparc.deb
    Size/MD5 checksum:   175248 4231a2791083fc82977535613d38ef2a
  http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_sparc.deb
    Size/MD5 checksum:   184036 aea98952994fb97c74df02ae4ed2f28d
  http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_sparc.deb
    Size/MD5 checksum:   107574 b6a3a3204c134d54dce2d8d79f77f647
  http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_sparc.deb
    Size/MD5 checksum:   493628 b5c5a9638091fd0d6543a405bfdefd53
  http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_sparc.deb
    Size/MD5 checksum:    94828 4657a6a42f7f2fac5ef96d273e9de4df
  http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_sparc.deb
    Size/MD5 checksum:   114258 32f88744a6e6e648377dda42ff910cbb
  http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_sparc.deb
    Size/MD5 checksum:   111158 a59dbf1edb5518b09b2993049922c01a


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce () lists debian org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSHOID797/wQC1SS+AQLt/ggAjgiVFP8JkM02lokQLFu0LG7DwPfZUINz
3cn771JAPpFqeyW1UjuArHQlfhiiQ6Baxv2iCsF/TBabhqLggCRYjc+92d/0oQkh
qoqCqk475kC8Y3I0lrG+9l2hRqxrW4XRpY/O45rgxQ569ZrAm5i5zZFbx9cNpfrP
HP3KQ+hnQeLD9ci9kemgwFCI9w7PCCx3ns8ZqfNigEt6iiEqO5vrHOStfQNs96K0
wmmkyfKRGBuJIIXv+8vhxAcsqOmgyHpN0C+soUlsVSXmje2kpEljATvCBj/LRYXs
WueLQPQvx1kH/4mbJyXvAFNpAjF6HN5iW66nkXT96udtI1YbjTP4Tg==
=AJo4
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [SECURITY] [DSA 1603-1] New bind9 packages fix cache poisoning Florian Weimer (Jul 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault