Login
Newsletter
Werbung
Sicherheit: Mangelnde Prüfung von Zertifikaten in bind
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Zertifikaten in bind
ID: TLSA-2009-4
Distribution: TurboLinux
Plattformen: Turbolinux Client 2008, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition
Datum: Fr, 6. Februar 2009, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
Applikationen: BIND

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2009-4
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 05 Feb 2009
 Last revised: 05 Feb 2009

 Package: bind

 Summary: return value check vulnerability

 More information:
    Bind includes the named name server, which resolves host names to IP
    addresses (and vice versa), and a resolver library (a set of routines
    in a system library that provide the interface for programs to use when
    accessing domain name services). 

    BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check
    the return value from the OpenSSL DSA_verify function, which allows
    remote attackers to bypass validation of the certificate chain via
    a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
 (CVE-2009-0025)

 Affected Products:
    - Turbolinux Client 2008
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server
    - Turbolinux Appliance Server 2.0
    - Turbolinux 10 Server x64 Edition
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server


 <Turbolinux Client 2008>

   Source Packages
   Size: MD5

   bind-9.4.2-2.src.rpm
      6497266 9ee135d4f3fe6a886c7c8d63ef64f058

   Binary Packages
   Size: MD5

   bind-devel-9.4.2-2.i586.rpm
      5078960 1328e144e4f54e42ed62b393e8e42584
   bind-libs-9.4.2-2.i586.rpm
       897939 dfc78a541f1cbfbd1ba8b6292c296922
   bind-utils-9.4.2-2.i586.rpm
       374311 7589d1d02014ce1cc4039e86efa7020d

 <Turbolinux Appliance Server 3.0 x64 Edition>

   Source Packages
   Size: MD5

   bind-9.4.2-3.src.rpm
      6496712 feca0aa98ce421e0431975a09f6cb6ac

   Binary Packages
   Size: MD5

   bind-9.4.2-3.x86_64.rpm
      1653189 10c6bd399bbb8d1e1008173d549f2282
   bind-chroot-9.4.2-3.x86_64.rpm
        14630 e1553c0063cf5755aefd01e219a28cea
   bind-libs-9.4.2-3.x86_64.rpm
       927378 247bde05e7401b3849235f473ee68578
   bind-sdb-9.4.2-3.x86_64.rpm
       220580 8c0d075d5c4232dbfdcfca09176ad6ef
   bind-utils-9.4.2-3.x86_64.rpm
       378219 3abd70af40345e7634a9c2c0082c828d

 <Turbolinux Appliance Server 3.0>

   Source Packages
   Size: MD5

   bind-9.4.2-3.src.rpm
      6496712 feca0aa98ce421e0431975a09f6cb6ac

   Binary Packages
   Size: MD5

   bind-9.4.2-3.i686.rpm
      1632673 3a0a68019446de06e41ee20227e307eb
   bind-chroot-9.4.2-3.i686.rpm
        14635 83067b11c01007eeb432255db530b7be
   bind-libs-9.4.2-3.i686.rpm
       831677 16643b866211cdbfacb8e4271ca17cb5
   bind-sdb-9.4.2-3.i686.rpm
       202680 2de36e52d4510690d5be052f1596d6d8
   bind-utils-9.4.2-3.i686.rpm
       352713 9c63eeb300f221ba89e4d9afe9f7f1ce

 <Turbolinux 11 Server x64 Edition>

   Source Packages
   Size: MD5

   bind-9.4.2-3.src.rpm
      6496712 e402d2d23390f1877ea8b5861f726149

   Binary Packages
   Size: MD5

   bind-9.4.2-3.x86_64.rpm
      1653189 10c6bd399bbb8d1e1008173d549f2282
   bind-chroot-9.4.2-3.x86_64.rpm
        14630 e1553c0063cf5755aefd01e219a28cea
   bind-devel-9.4.2-3.x86_64.rpm
      3220918 5dec3ba032ae8867e81ab57b7dbbc046
   bind-libs-9.4.2-3.x86_64.rpm
       927378 247bde05e7401b3849235f473ee68578
   bind-sdb-9.4.2-3.x86_64.rpm
       220580 8c0d075d5c4232dbfdcfca09176ad6ef
   bind-utils-9.4.2-3.x86_64.rpm
       378219 3abd70af40345e7634a9c2c0082c828d

 <Turbolinux 11 Server>

   Source Packages
   Size: MD5

   bind-9.4.2-3.src.rpm
      6496712 feca0aa98ce421e0431975a09f6cb6ac

   Binary Packages
   Size: MD5

   bind-9.4.2-3.i686.rpm
      1632673 3a0a68019446de06e41ee20227e307eb
   bind-chroot-9.4.2-3.i686.rpm
        14635 83067b11c01007eeb432255db530b7be
   bind-devel-9.4.2-3.i686.rpm
      3128261 19df809198ea42fec48ebae884c8b921
   bind-libs-9.4.2-3.i686.rpm
       831677 16643b866211cdbfacb8e4271ca17cb5
   bind-sdb-9.4.2-3.i686.rpm
       202680 2de36e52d4510690d5be052f1596d6d8
   bind-utils-9.4.2-3.i686.rpm
       352713 9c63eeb300f221ba89e4d9afe9f7f1ce

 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   bind-9.2.3-19.src.rpm
      3546844 a23b0ee9c9dfdb45a38d143fb2696143

   Binary Packages
   Size: MD5

   bind-9.2.3-19.i586.rpm
       371662 b790e1a685aa343c61f54d5c222ab92a
   bind-chroot-9.2.3-19.i586.rpm
        10161 ca8d41ce12ed8dd11abd9f101fb6fbe9
   bind-libs-9.2.3-19.i586.rpm
       415019 5d26f572fe7ed283477b8d91dac98818
   bind-utils-9.2.3-19.i586.rpm
        96803 4582f84454b9da4aa65cc22edf1b6f05

 <Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   bind-9.2.3-19.src.rpm
      3546844 1c254984c614329c1b0957261cbb2b17

   Binary Packages
   Size: MD5

   bind-9.2.3-19.x86_64.rpm
       398340 a604ad8b43c0cc19b3f5908943e00b3f
   bind-chroot-9.2.3-19.x86_64.rpm
        10086 96edeb6fd197dc7b9069ecdecf2fcc73
   bind-libs-9.2.3-19.x86_64.rpm
       517304 f92bcc586acec2c96d65fd94c44eed54
   bind-utils-9.2.3-19.x86_64.rpm
       108249 565d1e03865f5407bb75ca19ebe52d92

 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   bind-9.2.1-11.src.rpm
      4992160 59860e527c9038953c18d4c262852ec3

   Binary Packages
   Size: MD5

   bind-9.2.1-11.i586.rpm
      2745815 5443e7f977b54ddc4f7d873856c7ec8c
   bind-devel-9.2.1-11.i586.rpm
       724932 ee8d094240adc1eea8f51886d6b907a6
   bind-utils-9.2.1-11.i586.rpm
      1703753 0228e325c27c439050637dcd040624ac

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   bind-9.2.1-11.src.rpm
      4992160 6ece36535cb55637cd7931a771955115

   Binary Packages
   Size: MD5

   bind-9.2.1-11.i586.rpm
      2746121 f0d4cf790646306f062e4b5c0da90ae6
   bind-devel-9.2.1-11.i586.rpm
       725173 441c79655668432b8bd0dc2504d676c4
   bind-utils-9.2.1-11.i586.rpm
      1703797 18fd67e5cc6ff12c634332ed095f3612

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   bind-9.2.3-19.src.rpm
      3546844 a23b0ee9c9dfdb45a38d143fb2696143

   Binary Packages
   Size: MD5

   bind-9.2.3-19.i586.rpm
       371662 b790e1a685aa343c61f54d5c222ab92a
   bind-chroot-9.2.3-19.i586.rpm
        10161 ca8d41ce12ed8dd11abd9f101fb6fbe9
   bind-libs-9.2.3-19.i586.rpm
       415019 5d26f572fe7ed283477b8d91dac98818
   bind-utils-9.2.3-19.i586.rpm
        96803 4582f84454b9da4aa65cc22edf1b6f05


 References:

 CVE
   [CVE-2009-0025]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025

 --------------------------------------------------------------------------
 Revision History
    05 Feb 2009 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2009 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iEYEARECAAYFAkmKlGsACgkQK0LzjOqIJMyEpACeNJmsvgSZnBFL15ihFJBT4QBw
rHkAn2OmZKjPG4tKqGVK79DEE+BO8wcl
=kwth
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung