drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in BIND
Name: |
Zwei Probleme in BIND |
|
ID: |
USN-1462-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS |
|
Datum: |
Di, 5. Juni 2012, 22:33 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667 |
|
Applikationen: |
BIND |
|
Originalnachricht |
--===============5422274576228302296== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-RIHNQf1Fp19BeeCmxf1W"
--=-RIHNQf1Fp19BeeCmxf1W Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1462-1 June 05, 2012
bind9 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS
Summary:
Bind could be made to crash if it received specially crafted network traffic.
Software Description: - bind9: Internet Domain Name Server
Details:
Dan Luther discovered that Bind incorrectly handled zero length rdata fields. A remote attacker could use this flaw to cause Bind to crash or behave erratically, resulting in a denial of service. (CVE-2012-1667)
It was discovered that Bind incorrectly handled revoked domain names. A remote attacker could use this flaw to cause malicious domain names to be continuously resolvable even after they have been revoked. (CVE-2012-1033)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: libdns81 1:9.8.1.dfsg.P1-4ubuntu0.1
Ubuntu 11.10: libdns69 1:9.7.3.dfsg-1ubuntu4.2
Ubuntu 11.04: libdns69 1:9.7.3.dfsg-1ubuntu2.4
Ubuntu 10.04 LTS: libdns64 1:9.7.0.dfsg.P1-1ubuntu0.5
Ubuntu 8.04 LTS: libdns36 1:9.4.2.dfsg.P2-2ubuntu0.10
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1462-1 CVE-2012-1033, CVE-2012-1667
Package Information: https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.P1-4ubuntu0.1 https://launchpad.net/ubuntu/+source/bind9/1:9.7.3.dfsg-1ubuntu4.2 https://launchpad.net/ubuntu/+source/bind9/1:9.7.3.dfsg-1ubuntu2.4 https://launchpad.net/ubuntu/+source/bind9/1:9.7.0.dfsg.P1-1ubuntu0.5 https://launchpad.net/ubuntu/+source/bind9/1:9.4.2.dfsg.P2-2ubuntu0.10
--ÛIHNQf1Fp19BeeCmxf1W Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJPzlY7AAoJEGVp2FWnRL6T5GQP/3tPUS0KspXUHf4vNDzAsayl CWUXi+qqXypwqbfIs87AaD8weQhWrhaQaRXuIWbwlxaIlnxz2qm54yVELIT8nTc/ szoqhUTM4BGprcAkXXcX1aCcnH2JoNZNgIpUBoRUEvgI/bzYcmPCm9A93Z0/PFwv 8ahMYX3MS4fM2/udub19jou9ZbS9N0bg/DaFVUtAU3Um2eJ+BVB7aLPVuaO8V69A gfLzh7HZuqH0AzaSDParvpk9WDpiaHVhptE+YpDNq1vnSExr0Ww8e3rj1hTcUNm7 ZCZ9uojAHs626zyCvg4CeZq0PZCT/7yGHpSZPhr46ttebTyTlzmUWlziwDitUJ0k BMW0P+7gLNmh+WR8U3kQ8VKmCvFiJ4sIof6pwaSuW5NP43zrsuD8E86xqVFMGvlX dgwez+vc0hBMaPRD7aVz70/DAi9Fvsb2pemOz6mRodJdUZiBFTjxPfHP/E8Tp38W BvUFglo7donmb1pXTv6CJwsqp0YEAqbd54ljv9td4GQw7OChs48mL1n5BZ/S6fZU W3w7YMgm8LRSyaOMbnpC/4eVJF6nnouni6qZwPm1YlUlr3SZt8InoZnBKmkNaRs9 JiP7AhkPot9ZA7/y4xBxXhB6/yubWJuznF9V48sOeW2PA+h1nFWDUtxXd1eAa/Qc rkvs2h2XyqMI8aMt0Bp5 =+mS4 -----END PGP SIGNATURE-----
--=-RIHNQf1Fp19BeeCmxf1W--
--===============5422274576228302296== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5422274576228302296==--
|
|
|
|