Login
Newsletter
Werbung
Sicherheit: Mangelnde Prüfung von Zertifikaten in bind
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Zertifikaten in bind
ID: MDKSA-2006:207
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva 2006.0, Mandriva Corporate 4.0, Mandriva 2007.0
Datum: Mi, 15. November 2006, 04:29
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445
Applikationen: BIND

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1163561338-16192-1836


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:207
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : bind
 Date    : November 14, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 The BIND DNS server is vulnerable to the recently-discovered OpenSSL
 RSA signature verification problem (CVE-2006-4339).  BIND uses RSA
 cryptography as part of its DNSSEC implementation.  As a result, to
 resolve the security issue, these packages need to be upgraded and for
 both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to
 be generated using the "-e" option of dnssec-keygen, if the current
 keys were generated using the default exponent of 3.

 You are able to determine if your keys are vulnerable by looking at the
 algorithm (1 or 5) and the first three characters of the Base64 encoded
 RSA key.  RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM",
 "AQN",
 "AQO", or "AQP" are vulnerable.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
 http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 1035f92172986ed63ca035de0603a0fd  2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm
 4f5949d85f13c68220f4f5f030f63849 
 2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm
 f201e05548b673268038e95225451085 
 2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm 
 4f57cbdc960171c439223f5c20952460  2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 83b6c31bef9e4df229e2fe5cf8c3aa2a 
 2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm
 fb03e9a493645041816c206267a052f4 
 2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm
 f54babadfba3ec593563724208df1eaa 
 2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm 
 4f57cbdc960171c439223f5c20952460  2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 6c282a7b5c3cfec534e2557926005bbf  2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm
 03390448f140777d62cdd76e50361526 
 2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm
 7546dc98ff5e8061636a3a75d6b318fb 
 2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm 
 8be8a7d591971e760d1251bd75f97a6c  2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 c190d522505a16aa97891f525e0034a4 
 2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm
 594cacdac86db81b0c62a7380c6a3a2d 
 2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm
 e827e65717615868896e43bcb4856f2d 
 2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm 
 8be8a7d591971e760d1251bd75f97a6c  2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm

 Corporate 3.0:
 fa096b2fac1840797e382ba61728d47e 
 corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm
 0f1e56f1f3a2689443c04b52d8ce5545 
 corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm
 99bf1f4127e97b8941b597aa5e19aa0a 
 corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm 
 2b49bd9c7edf8bd81b297260b54de32d 
 corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 e74bea44aee406d11c87227584790c26 
 corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm
 b108edf227b55f3af3ab55b48c23a62a 
 corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm
 ba548cbba992f479ad40ecf0808f36cb 
 corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm 
 2b49bd9c7edf8bd81b297260b54de32d 
 corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm

 Corporate 4.0:
 8bfc97510d4f07568d64c9b9872b4bba 
 corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm
 dda709703f8bf05f1ff59ae6132a81a7 
 corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm
 daf59d23abaaaf62c990d2fa1155688c 
 corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm 
 ccfd1d4d79b168ab5f7998e51c305a26 
 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 3d1bbe1e7d4f2de6e546996e181a16b0 
 corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm
 c1b8467d62623ef5daf35a696ab2389e 
 corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm
 83cf57110f107c450aaac5931ee52ecb 
 corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm 
 ccfd1d4d79b168ab5f7998e51c305a26 
 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 abd228e7f0b762ae8c11c8ecd90200c2  mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm
 dd7b0785e31880a09d10957695c0552d 
 mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm
 0a2052e5f263b8b8d94111a581928c57 
 mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm 
 eff2c78779b4285783ffea14e6e33c31  mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z
6faoicEmIFqGW4QuEVIhCbU=
=bI0u
-----END PGP SIGNATURE-----


------------=_1163561338-16192-1836
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1163561338-16192-1836--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung