Sicherheit: Denial of Service in BIND

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1339328352-3142-180

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:089
http://www.mandriva.com/security/
_______________________________________________________________________

Package : bind
Date : June 10, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in bind:

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before
9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not
properly handle resource records with a zero-length RDATA section,
which allows remote DNS servers to cause a denial of service (daemon
crash or data corruption) or obtain sensitive information from process
memory via a crafted record (CVE-2012-1667).

The updated packages have been upgraded to bind 9.7.6-P1 and 9.8.3-P1
which is not vulnerable to this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
http://www.isc.org/software/bind/advisories/cve-2012-1667
ftp://ftp.isc.org/isc/bind9/9.7.6-P1/RELEASE-NOTES-BIND-9.7.6-P1.txt
ftp://ftp.isc.org/isc/bind9/9.8.3-P1/RELEASE-NOTES-BIND-9.8.3-P1.txt
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1:
a4136df144ce0ef0781484627484bc3f
2010.1/i586/bind-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm
830f7b84cf2891303b700f5336ee5e8d
2010.1/i586/bind-devel-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm
fc21a051f543d69e15bd4fe5e5cb10a0
2010.1/i586/bind-doc-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm
da27c14c4b98d3866682bc7e5d76ad8d
2010.1/i586/bind-utils-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm
f00a92647f3f43aa8f9d906dbf11094a
2010.1/SRPMS/bind-9.7.6-0.0.P1.0.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
115a51a772e1ea94bf8af6bb28996bdb
2010.1/x86_64/bind-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm
d79ad8c6cb1a6b784d935b13a7b2fe15
2010.1/x86_64/bind-devel-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm
901e102627a664dad0f464cd385e7fb2
2010.1/x86_64/bind-doc-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm
60b40f20a525dfa67302252caf2bcb33
2010.1/x86_64/bind-utils-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm
f00a92647f3f43aa8f9d906dbf11094a
2010.1/SRPMS/bind-9.7.6-0.0.P1.0.1mdv2010.2.src.rpm

Mandriva Linux 2011:
16926abc70e854a0b58b7469ef1d77c7
2011/i586/bind-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm
b265f7b3f622b60848f9659bbe6cd0a8
2011/i586/bind-devel-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm
3b4e397326b5196736ce9c2f373c4447
2011/i586/bind-doc-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm
e3c925102fee466f43be8a94cf0852da
2011/i586/bind-utils-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm
a54ef9cfd588215069052d5ca3df8005 2011/SRPMS/bind-9.8.3-0.0.P1.0.1.src.rpm

Mandriva Linux 2011/X86_64:
f006220d59f7f9e9ff6f24d6dfb2719d
2011/x86_64/bind-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm
e6d643c23141dd4b3312728001c03df5
2011/x86_64/bind-devel-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm
ffc9fccb94a33172c5e0ca1984702bbf
2011/x86_64/bind-doc-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm
a34967d48b339fb807e769b3a20788a9
2011/x86_64/bind-utils-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm
a54ef9cfd588215069052d5ca3df8005 2011/SRPMS/bind-9.8.3-0.0.P1.0.1.src.rpm

Mandriva Enterprise Server 5:
c3aa5e672f6b03ff34be06ca8720df55
mes5/i586/bind-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm
ac267bb10d0403e2eed5982441dc833e
mes5/i586/bind-devel-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm
cde8a82803d1562b1d63c632db9b15ac
mes5/i586/bind-doc-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm
a53c6290a90c9fd6b11fd1f68686bcca
mes5/i586/bind-utils-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm
1c9f0bbac5e8683cf36c119fce7fb1f5
mes5/SRPMS/bind-9.7.6-0.0.P1.0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
552f5c44303d73c8701e174fd6555e68
mes5/x86_64/bind-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm
9ace83917f5db66354b58dd085488f2e
mes5/x86_64/bind-devel-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm
3cf233df1f5e677b120ec3c26333b9ff
mes5/x86_64/bind-doc-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm
69a3801fcecbd480f97aa7825714f8fd
mes5/x86_64/bind-utils-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm
1c9f0bbac5e8683cf36c119fce7fb1f5
mes5/SRPMS/bind-9.7.6-0.0.P1.0.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFP1FjRmqjQ0CJFipgRAjWhAKDCW3YpIL8J6xcMyNU9ipEJXLa+qACgqkEc
wr9IaDsAueQ2fsX+Lg0P+Bg=
=y/KY
-----END PGP SIGNATURE-----

------------=_1339328352-3142-180
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1339328352-3142-180--