Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2009:181 ] bind
From: security () mandriva com
Date: Wed, 29 Jul 2009 22:53:01 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:181
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : bind
 Date    : July 29, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
           Enterprise Server 5.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in ISC BIND:
 
 The dns_db_findrdataset function in db.c in named in ISC BIND 9.4
 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when
 configured as a master server, allows remote attackers to cause
 a denial of service (assertion failure and daemon exit) via an ANY
 record in the prerequisite section of a crafted dynamic update message,
 as exploited in the wild in July 2009 (CVE-2009-0696).
 
 This update provides fixes for this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
 https://www.isc.org/node/474
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 e6954e8c6ec43b4c6a142e25db1ee607  2008.1/i586/bind-9.5.0-3.4mdv2008.1.i586.rpm
 81e0917fe1690770b1a975e54a400a44  2008.1/i586/bind-devel-9.5.0-3.4mdv2008.1.i586.rpm
 cb4f4760ce0c1c1bd043ef4a13d1f101  2008.1/i586/bind-doc-9.5.0-3.4mdv2008.1.i586.rpm
 392f91ef627ecc26ac42cfc2f5834ecf  2008.1/i586/bind-utils-9.5.0-3.4mdv2008.1.i586.rpm 
 1172f4549217df6e70ee0efa6160b718  2008.1/SRPMS/bind-9.5.0-3.4mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 e655a1b5bc45d99866fa8955417daf8a  2008.1/x86_64/bind-9.5.0-3.4mdv2008.1.x86_64.rpm
 caacb8c2054722652a7f3ee052529b52  2008.1/x86_64/bind-devel-9.5.0-3.4mdv2008.1.x86_64.rpm
 675ed9b7e36c82830974231143d48e54  2008.1/x86_64/bind-doc-9.5.0-3.4mdv2008.1.x86_64.rpm
 4ca2b9b2fee2d3d1ba713e99e35e56a4  2008.1/x86_64/bind-utils-9.5.0-3.4mdv2008.1.x86_64.rpm 
 1172f4549217df6e70ee0efa6160b718  2008.1/SRPMS/bind-9.5.0-3.4mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 2265c306b34a926e8c4b63f310ca4318  2009.0/i586/bind-9.5.0-6.4mdv2009.0.i586.rpm
 1dae5953fc557b5a88679e37f590e287  2009.0/i586/bind-devel-9.5.0-6.4mdv2009.0.i586.rpm
 b82af709c2801f4d111cc5a295806929  2009.0/i586/bind-doc-9.5.0-6.4mdv2009.0.i586.rpm
 0bba8fe3d466765c3d163963e33dcd1c  2009.0/i586/bind-utils-9.5.0-6.4mdv2009.0.i586.rpm 
 3bf489be108ec7613f0de79b5771980c  2009.0/SRPMS/bind-9.5.0-6.4mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 b571f86841123623cbdb3dadee4e6d40  2009.0/x86_64/bind-9.5.0-6.4mdv2009.0.x86_64.rpm
 e49c9641971fdab0686e41e5c66dfa28  2009.0/x86_64/bind-devel-9.5.0-6.4mdv2009.0.x86_64.rpm
 4e836a0efeb07fa84321ddb4d79fa214  2009.0/x86_64/bind-doc-9.5.0-6.4mdv2009.0.x86_64.rpm
 91cfe29ee1fc761bd061c014419a98a1  2009.0/x86_64/bind-utils-9.5.0-6.4mdv2009.0.x86_64.rpm 
 3bf489be108ec7613f0de79b5771980c  2009.0/SRPMS/bind-9.5.0-6.4mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 1574e7cbe3f99be7528a5a4bba0b3c36  2009.1/i586/bind-9.6.0-5.1mdv2009.1.i586.rpm
 997bcefef70cfc0fd64de97d475bd8ef  2009.1/i586/bind-devel-9.6.0-5.1mdv2009.1.i586.rpm
 d7d97138aa182a78ede02ce936ec621e  2009.1/i586/bind-doc-9.6.0-5.1mdv2009.1.i586.rpm
 64efbfdb6205e36d0d82e4c46f888933  2009.1/i586/bind-utils-9.6.0-5.1mdv2009.1.i586.rpm 
 f64f798351976a450ba3756dd0fea502  2009.1/SRPMS/bind-9.6.0-5.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 7b2b3a7e9ffd634066da56b16f48c5ad  2009.1/x86_64/bind-9.6.0-5.1mdv2009.1.x86_64.rpm
 6ce05498dcb76c23822cd15f0d9817d0  2009.1/x86_64/bind-devel-9.6.0-5.1mdv2009.1.x86_64.rpm
 60f42f942cea6b39807ffafe64ae9648  2009.1/x86_64/bind-doc-9.6.0-5.1mdv2009.1.x86_64.rpm
 1ed29f65cfe371a0770ac4e08d15c595  2009.1/x86_64/bind-utils-9.6.0-5.1mdv2009.1.x86_64.rpm 
 f64f798351976a450ba3756dd0fea502  2009.1/SRPMS/bind-9.6.0-5.1mdv2009.1.src.rpm

 Corporate 3.0:
 22fbe7ff4f3a62c34130d41cdfe17440  corporate/3.0/i586/bind-9.2.3-6.8.C30mdk.i586.rpm
 9a60dfe70446c27a570746495e454855  corporate/3.0/i586/bind-devel-9.2.3-6.8.C30mdk.i586.rpm
 29c99438058a46b60922d5c15c1f5369  corporate/3.0/i586/bind-utils-9.2.3-6.8.C30mdk.i586.rpm 
 18203a5552b8762360078ca0b6508536  corporate/3.0/SRPMS/bind-9.2.3-6.8.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 7510ae88d8625a3172dfd26e8873fd8d  corporate/3.0/x86_64/bind-9.2.3-6.8.C30mdk.x86_64.rpm
 fabf1e537f98e0de07912a6c60f2f648  corporate/3.0/x86_64/bind-devel-9.2.3-6.8.C30mdk.x86_64.rpm
 21ee584f94d252b6ff6d9ea89c61abb1  corporate/3.0/x86_64/bind-utils-9.2.3-6.8.C30mdk.x86_64.rpm 
 18203a5552b8762360078ca0b6508536  corporate/3.0/SRPMS/bind-9.2.3-6.8.C30mdk.src.rpm

 Corporate 4.0:
 3e3e68b286742686c972aecff9a821f7  corporate/4.0/i586/bind-9.3.5-0.7.20060mlcs4.i586.rpm
 e56467e964a808c4ba84ac5b59dd6424  corporate/4.0/i586/bind-devel-9.3.5-0.7.20060mlcs4.i586.rpm
 8a01ede152e11e28b4e1db96b562c046  corporate/4.0/i586/bind-utils-9.3.5-0.7.20060mlcs4.i586.rpm 
 116ed44cd0dd21258aa7824e9a660bc4  corporate/4.0/SRPMS/bind-9.3.5-0.7.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 4efab5c2fb9acd53199f9730fde4d56d  corporate/4.0/x86_64/bind-9.3.5-0.7.20060mlcs4.x86_64.rpm
 bacca9e65e9940c5faa0d5d8c6e2b8aa  corporate/4.0/x86_64/bind-devel-9.3.5-0.7.20060mlcs4.x86_64.rpm
 4ee28311421e5a715d7494eab41d486b  corporate/4.0/x86_64/bind-utils-9.3.5-0.7.20060mlcs4.x86_64.rpm 
 116ed44cd0dd21258aa7824e9a660bc4  corporate/4.0/SRPMS/bind-9.3.5-0.7.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 c595df5d7837f1e2fa28c741dcb0b073  mes5/i586/bind-9.5.0-6.4mdvmes5.i586.rpm
 53f5197e2ff0adb2590f796813a843bd  mes5/i586/bind-devel-9.5.0-6.4mdvmes5.i586.rpm
 267c0a8de1771e35f575869cc9296fbf  mes5/i586/bind-doc-9.5.0-6.4mdvmes5.i586.rpm
 fd370574fcbab1d29a263b2984e84992  mes5/i586/bind-utils-9.5.0-6.4mdvmes5.i586.rpm 
 662f581bbcb2769ae7592dcdfa89338b  mes5/SRPMS/bind-9.5.0-6.4mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 71c58946ec1a3e1c97abf95956e2bbd5  mes5/x86_64/bind-9.5.0-6.4mdvmes5.x86_64.rpm
 4c2a8234aaef6d6d6a38f68c121360f6  mes5/x86_64/bind-devel-9.5.0-6.4mdvmes5.x86_64.rpm
 80f122911d2b83b12e45c83c7733cde8  mes5/x86_64/bind-doc-9.5.0-6.4mdvmes5.x86_64.rpm
 c305c929f1bbb0007c7d6480d8d7a184  mes5/x86_64/bind-utils-9.5.0-6.4mdvmes5.x86_64.rpm 
 662f581bbcb2769ae7592dcdfa89338b  mes5/SRPMS/bind-9.5.0-6.4mdvmes5.src.rpm

 Multi Network Firewall 2.0:
 8cce4c7c205c4bed1d745583d0aa6727  mnf/2.0/i586/bind-9.2.3-6.8.C30mdk.i586.rpm
 cab4d48d43a88546914e40d91c2024ec  mnf/2.0/i586/bind-devel-9.2.3-6.8.C30mdk.i586.rpm
 bc1ed470759bf793159cfc7ac966c661  mnf/2.0/i586/bind-utils-9.2.3-6.8.C30mdk.i586.rpm 
 e4a352e32611c30df4ba2a5154ff9ab2  mnf/2.0/SRPMS/bind-9.2.3-6.8.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKcIiHmqjQ0CJFipgRAiITAJ9w9mLoi0MUZpc8uTCL44E9JvJU4wCgm1D3
b1R19QdVVKyTws4xZhfaesw=
=WzGU
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2009:181 ] bind security (Jul 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]