Login
Newsletter
Werbung

Sicherheit: Mangelnde Eingabeprüfung in bind
Aktuelle Meldungen Distributionen
Name: Mangelnde Eingabeprüfung in bind
ID: MDVSA-2009:304
Distribution: Mandriva
Plattformen: Mandriva Corporate 4.0, Mandriva 2009.0, Mandriva 2009.1, Mandriva Enterprise Server 5.0, Mandriva 2010.0
Datum: Do, 26. November 2009, 20:45
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
https://www.isc.org/node/504
Applikationen: BIND

Originalnachricht

This is a multi-part message in MIME format...

------------=_1259264730-24326-1224


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:304
http://www.mandriva.com/security/
_______________________________________________________________________

Package : bind
Date : November 26, 2009
Affected: 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Some vulnerabilities were discovered and corrected in bind:

Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5
before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3,
and 9.0.x through 9.3.x with DNSSEC validation enabled and checking
disabled (CD), allows remote attackers to conduct DNS cache poisoning
attacks via additional sections in a response sent for resolution
of a recursive client query, which is not properly handled when the
response is processed at the same time as requesting DNSSEC records
(DO). (CVE-2009-4022).

Additionally BIND has been upgraded to the latest point release or
closest supported version by ISC.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
https://www.isc.org/node/504
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
350aede988c5fea9c534c9f6b453a6d9 2009.0/i586/bind-9.5.2-0.1mdv2009.0.i586.rpm
63dae25d60dce8878a87b0eeaa457285
2009.0/i586/bind-devel-9.5.2-0.1mdv2009.0.i586.rpm
b3e98fd47dbff14ad213a8ca8a6e466d
2009.0/i586/bind-doc-9.5.2-0.1mdv2009.0.i586.rpm
fa56daa8b48c17fbcf9e0d59ded29123
2009.0/i586/bind-utils-9.5.2-0.1mdv2009.0.i586.rpm
75ef743d58dbfc382e88fef13788f71f 2009.0/SRPMS/bind-9.5.2-0.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
12d89eb11dda9285afdcd1e315c47261
2009.0/x86_64/bind-9.5.2-0.1mdv2009.0.x86_64.rpm
7314c3bdb02a8d332a5c809ade05ffa8
2009.0/x86_64/bind-devel-9.5.2-0.1mdv2009.0.x86_64.rpm
c87e38d4da7e29bcf756afce7266dc96
2009.0/x86_64/bind-doc-9.5.2-0.1mdv2009.0.x86_64.rpm
0c7822fea0b4b39fb1330c98c3ac72e6
2009.0/x86_64/bind-utils-9.5.2-0.1mdv2009.0.x86_64.rpm
75ef743d58dbfc382e88fef13788f71f 2009.0/SRPMS/bind-9.5.2-0.1mdv2009.0.src.rpm

Mandriva Linux 2009.1:
85b9888ba8e24104787ee69eaa471f5d 2009.1/i586/bind-9.6.1-0.1mdv2009.1.i586.rpm
e251bc5c2c1065c0ceefa31b6fa7b8a9
2009.1/i586/bind-devel-9.6.1-0.1mdv2009.1.i586.rpm
53f7c3477e5d3f3ebc3376ecb63a2eec
2009.1/i586/bind-doc-9.6.1-0.1mdv2009.1.i586.rpm
144e76e8e28f839dafd1a0c2816345a8
2009.1/i586/bind-utils-9.6.1-0.1mdv2009.1.i586.rpm
d11449cedd0e738e27518e5f65c06628 2009.1/SRPMS/bind-9.6.1-0.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
5a8c68cf6b92bcb1de285aa151550806
2009.1/x86_64/bind-9.6.1-0.1mdv2009.1.x86_64.rpm
224a8d280a689e2918c99f50d95a286b
2009.1/x86_64/bind-devel-9.6.1-0.1mdv2009.1.x86_64.rpm
d2339b9352a58a33e3e347d30f3112af
2009.1/x86_64/bind-doc-9.6.1-0.1mdv2009.1.x86_64.rpm
9af5d666780c971c014e4703a02735f5
2009.1/x86_64/bind-utils-9.6.1-0.1mdv2009.1.x86_64.rpm
d11449cedd0e738e27518e5f65c06628 2009.1/SRPMS/bind-9.6.1-0.1mdv2009.1.src.rpm

Mandriva Linux 2010.0:
370e9b2a7a28cbed55406fe55726362d 2010.0/i586/bind-9.6.1-4.1mdv2010.0.i586.rpm
a5ac29331aee65433a5892cd836f0c98
2010.0/i586/bind-devel-9.6.1-4.1mdv2010.0.i586.rpm
e7cc049f431f380300371341d5310c61
2010.0/i586/bind-doc-9.6.1-4.1mdv2010.0.i586.rpm
2e1ca9662985205be96c85ffda316da1
2010.0/i586/bind-utils-9.6.1-4.1mdv2010.0.i586.rpm
11cb180925f7705960f23d853fa75a82 2010.0/SRPMS/bind-9.6.1-4.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
3cc9cd36796d0e385d0768fca4e1df26
2010.0/x86_64/bind-9.6.1-4.1mdv2010.0.x86_64.rpm
f4544efd9648274c057ff83340d9dbfb
2010.0/x86_64/bind-devel-9.6.1-4.1mdv2010.0.x86_64.rpm
6110c4726cc972c0226ffa89264c2d3a
2010.0/x86_64/bind-doc-9.6.1-4.1mdv2010.0.x86_64.rpm
fbb65979f1b2c1184a4511eb554d9705
2010.0/x86_64/bind-utils-9.6.1-4.1mdv2010.0.x86_64.rpm
11cb180925f7705960f23d853fa75a82 2010.0/SRPMS/bind-9.6.1-4.1mdv2010.0.src.rpm

Corporate 4.0:
efa9da62f2e60853b87767f00ca547ef
corporate/4.0/i586/bind-9.4.3-0.1.20060mlcs4.i586.rpm
7527a21df42df4e7868ba61879f42518
corporate/4.0/i586/bind-devel-9.4.3-0.1.20060mlcs4.i586.rpm
7646549a4dcc5f65e8ea6f8067e95070
corporate/4.0/i586/bind-utils-9.4.3-0.1.20060mlcs4.i586.rpm
36463b1e9d167038f904ca7df177898b
corporate/4.0/SRPMS/bind-9.4.3-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
e41861745bb151fb5efc1bf9b50f6505
corporate/4.0/x86_64/bind-9.4.3-0.1.20060mlcs4.x86_64.rpm
9dd765db9f38a16221a275b96281802f
corporate/4.0/x86_64/bind-devel-9.4.3-0.1.20060mlcs4.x86_64.rpm
4ae28b93e75875ec58e3bb5dbc39494d
corporate/4.0/x86_64/bind-utils-9.4.3-0.1.20060mlcs4.x86_64.rpm
36463b1e9d167038f904ca7df177898b
corporate/4.0/SRPMS/bind-9.4.3-0.1.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
4c906960098af8693448ac5cb3766379 mes5/i586/bind-9.5.2-0.1mdvmes5.i586.rpm
9628b329b44d2d5969f7ff277d3d7f0b
mes5/i586/bind-devel-9.5.2-0.1mdvmes5.i586.rpm
5e4096b88a627c1dec4238dfcf401ba2 mes5/i586/bind-doc-9.5.2-0.1mdvmes5.i586.rpm
dcc67d5dc6e2df19b70bfc7eb07e3633
mes5/i586/bind-utils-9.5.2-0.1mdvmes5.i586.rpm
78aa573ae412f837d942225a77e56398 mes5/SRPMS/bind-9.5.2-0.1mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
4bc1fb9a2260d4dda412102e7eca322b mes5/x86_64/bind-9.5.2-0.1mdvmes5.x86_64.rpm
bf243b38288fd02299fe250547060d9d
mes5/x86_64/bind-devel-9.5.2-0.1mdvmes5.x86_64.rpm
c5913b8326477c600d4bd5f3524218ec
mes5/x86_64/bind-doc-9.5.2-0.1mdvmes5.x86_64.rpm
e555c924894703f24d91f9e4c7715927
mes5/x86_64/bind-utils-9.5.2-0.1mdvmes5.x86_64.rpm
78aa573ae412f837d942225a77e56398 mes5/SRPMS/bind-9.5.2-0.1mdvmes5.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLDqxBmqjQ0CJFipgRAq5SAKCtfakAexWy/C5PkEsNrFfrk7gQHwCgvY9R
pmiCd4VANBSFJKkMchIBpjE=
=q1sN
-----END PGP SIGNATURE-----


------------=_1259264730-24326-1224
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1259264730-24326-1224--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung