Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2009:304 ] bind
From: security () mandriva com
Date: Thu, 26 Nov 2009 20:42:00 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:304
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : bind
 Date    : November 26, 2009
 Affected: 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Some vulnerabilities were discovered and corrected in bind:
 
 Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5
 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3,
 and 9.0.x through 9.3.x with DNSSEC validation enabled and checking
 disabled (CD), allows remote attackers to conduct DNS cache poisoning
 attacks via additional sections in a response sent for resolution
 of a recursive client query, which is not properly handled when the
 response is processed at the same time as requesting DNSSEC records
 (DO). (CVE-2009-4022).
 
 Additionally BIND has been upgraded to the latest point release or
 closest supported version by ISC.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
 https://www.isc.org/node/504
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 350aede988c5fea9c534c9f6b453a6d9  2009.0/i586/bind-9.5.2-0.1mdv2009.0.i586.rpm
 63dae25d60dce8878a87b0eeaa457285  2009.0/i586/bind-devel-9.5.2-0.1mdv2009.0.i586.rpm
 b3e98fd47dbff14ad213a8ca8a6e466d  2009.0/i586/bind-doc-9.5.2-0.1mdv2009.0.i586.rpm
 fa56daa8b48c17fbcf9e0d59ded29123  2009.0/i586/bind-utils-9.5.2-0.1mdv2009.0.i586.rpm 
 75ef743d58dbfc382e88fef13788f71f  2009.0/SRPMS/bind-9.5.2-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 12d89eb11dda9285afdcd1e315c47261  2009.0/x86_64/bind-9.5.2-0.1mdv2009.0.x86_64.rpm
 7314c3bdb02a8d332a5c809ade05ffa8  2009.0/x86_64/bind-devel-9.5.2-0.1mdv2009.0.x86_64.rpm
 c87e38d4da7e29bcf756afce7266dc96  2009.0/x86_64/bind-doc-9.5.2-0.1mdv2009.0.x86_64.rpm
 0c7822fea0b4b39fb1330c98c3ac72e6  2009.0/x86_64/bind-utils-9.5.2-0.1mdv2009.0.x86_64.rpm 
 75ef743d58dbfc382e88fef13788f71f  2009.0/SRPMS/bind-9.5.2-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 85b9888ba8e24104787ee69eaa471f5d  2009.1/i586/bind-9.6.1-0.1mdv2009.1.i586.rpm
 e251bc5c2c1065c0ceefa31b6fa7b8a9  2009.1/i586/bind-devel-9.6.1-0.1mdv2009.1.i586.rpm
 53f7c3477e5d3f3ebc3376ecb63a2eec  2009.1/i586/bind-doc-9.6.1-0.1mdv2009.1.i586.rpm
 144e76e8e28f839dafd1a0c2816345a8  2009.1/i586/bind-utils-9.6.1-0.1mdv2009.1.i586.rpm 
 d11449cedd0e738e27518e5f65c06628  2009.1/SRPMS/bind-9.6.1-0.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 5a8c68cf6b92bcb1de285aa151550806  2009.1/x86_64/bind-9.6.1-0.1mdv2009.1.x86_64.rpm
 224a8d280a689e2918c99f50d95a286b  2009.1/x86_64/bind-devel-9.6.1-0.1mdv2009.1.x86_64.rpm
 d2339b9352a58a33e3e347d30f3112af  2009.1/x86_64/bind-doc-9.6.1-0.1mdv2009.1.x86_64.rpm
 9af5d666780c971c014e4703a02735f5  2009.1/x86_64/bind-utils-9.6.1-0.1mdv2009.1.x86_64.rpm 
 d11449cedd0e738e27518e5f65c06628  2009.1/SRPMS/bind-9.6.1-0.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 370e9b2a7a28cbed55406fe55726362d  2010.0/i586/bind-9.6.1-4.1mdv2010.0.i586.rpm
 a5ac29331aee65433a5892cd836f0c98  2010.0/i586/bind-devel-9.6.1-4.1mdv2010.0.i586.rpm
 e7cc049f431f380300371341d5310c61  2010.0/i586/bind-doc-9.6.1-4.1mdv2010.0.i586.rpm
 2e1ca9662985205be96c85ffda316da1  2010.0/i586/bind-utils-9.6.1-4.1mdv2010.0.i586.rpm 
 11cb180925f7705960f23d853fa75a82  2010.0/SRPMS/bind-9.6.1-4.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 3cc9cd36796d0e385d0768fca4e1df26  2010.0/x86_64/bind-9.6.1-4.1mdv2010.0.x86_64.rpm
 f4544efd9648274c057ff83340d9dbfb  2010.0/x86_64/bind-devel-9.6.1-4.1mdv2010.0.x86_64.rpm
 6110c4726cc972c0226ffa89264c2d3a  2010.0/x86_64/bind-doc-9.6.1-4.1mdv2010.0.x86_64.rpm
 fbb65979f1b2c1184a4511eb554d9705  2010.0/x86_64/bind-utils-9.6.1-4.1mdv2010.0.x86_64.rpm 
 11cb180925f7705960f23d853fa75a82  2010.0/SRPMS/bind-9.6.1-4.1mdv2010.0.src.rpm

 Corporate 4.0:
 efa9da62f2e60853b87767f00ca547ef  corporate/4.0/i586/bind-9.4.3-0.1.20060mlcs4.i586.rpm
 7527a21df42df4e7868ba61879f42518  corporate/4.0/i586/bind-devel-9.4.3-0.1.20060mlcs4.i586.rpm
 7646549a4dcc5f65e8ea6f8067e95070  corporate/4.0/i586/bind-utils-9.4.3-0.1.20060mlcs4.i586.rpm 
 36463b1e9d167038f904ca7df177898b  corporate/4.0/SRPMS/bind-9.4.3-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 e41861745bb151fb5efc1bf9b50f6505  corporate/4.0/x86_64/bind-9.4.3-0.1.20060mlcs4.x86_64.rpm
 9dd765db9f38a16221a275b96281802f  corporate/4.0/x86_64/bind-devel-9.4.3-0.1.20060mlcs4.x86_64.rpm
 4ae28b93e75875ec58e3bb5dbc39494d  corporate/4.0/x86_64/bind-utils-9.4.3-0.1.20060mlcs4.x86_64.rpm 
 36463b1e9d167038f904ca7df177898b  corporate/4.0/SRPMS/bind-9.4.3-0.1.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 4c906960098af8693448ac5cb3766379  mes5/i586/bind-9.5.2-0.1mdvmes5.i586.rpm
 9628b329b44d2d5969f7ff277d3d7f0b  mes5/i586/bind-devel-9.5.2-0.1mdvmes5.i586.rpm
 5e4096b88a627c1dec4238dfcf401ba2  mes5/i586/bind-doc-9.5.2-0.1mdvmes5.i586.rpm
 dcc67d5dc6e2df19b70bfc7eb07e3633  mes5/i586/bind-utils-9.5.2-0.1mdvmes5.i586.rpm 
 78aa573ae412f837d942225a77e56398  mes5/SRPMS/bind-9.5.2-0.1mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 4bc1fb9a2260d4dda412102e7eca322b  mes5/x86_64/bind-9.5.2-0.1mdvmes5.x86_64.rpm
 bf243b38288fd02299fe250547060d9d  mes5/x86_64/bind-devel-9.5.2-0.1mdvmes5.x86_64.rpm
 c5913b8326477c600d4bd5f3524218ec  mes5/x86_64/bind-doc-9.5.2-0.1mdvmes5.x86_64.rpm
 e555c924894703f24d91f9e4c7715927  mes5/x86_64/bind-utils-9.5.2-0.1mdvmes5.x86_64.rpm 
 78aa573ae412f837d942225a77e56398  mes5/SRPMS/bind-9.5.2-0.1mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLDqxBmqjQ0CJFipgRAq5SAKCtfakAexWy/C5PkEsNrFfrk7gQHwCgvY9R
pmiCd4VANBSFJKkMchIBpjE=
=q1sN
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2009:304 ] bind security (Nov 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault