<<< Date Index >>>     <<< Thread Index >>>

Immunix Secured OS 7+ bind update



[Outlook and Notes users -- please ask your system administrators to
assist you in creating out-of-office-autoreplies that respect public
mail lists; perhaps, creating such a reply that works only within the
organization or business partners.]

[Virus scanner administrators -- sending virus warnings to a From: or
From_ header is a waste of time. Please configure your scanners to drop
mail in the SMTP protocol, and not bounce the email after the fact.
Thanks.]

-----------------------------------------------------------------------
        Immunix Secured OS Security Advisory

Packages updated:       bind
Affected products:      Immunix OS 7+
Bugs fixed:             VU#734644 CAN-2003-0914
Date:                   Mon Oct 27 2003
Advisory ID:            IMNX-2003-7+-024-01
Author:                 Seth Arnold <sarnold@xxxxxxxxxxx>
-----------------------------------------------------------------------

Description:
  A vulnerability has been found in BIND that ".. allows an attacker to
  conduct cache poisoning attacks on vulnerable name servers by
  convincing the servers to retain invalid negative responses."

  Our bind-8.2.3-3.3_imnx_5 packages fix this problem using a patch
  derived from the BIND 8.3.7 release. This vulnerability has been named
  CAN-2003-0914 by the CVE project.

  We'd like to apologize to our US subscribers for the incredibly poor
  timing, to release this notice a day before the Thanksgiving holiday.
  Our options were limited by ISC, the package maintainer.

  References: http://www.kb.cert.org/vuls/id/734644
  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0914

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/bind-8.2.3-3.3_imnx_5.i386.rpm
  
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/bind-devel-8.2.3-3.3_imnx_5.i386.rpm
  
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/bind-utils-8.2.3-3.3_imnx_5.i386.rpm

  A source package for Immunix 7+ is available at:
  
http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/bind-8.2.3-3.3_imnx_5.src.rpm

Immunix OS 7+ md5sums:
  8a5874f96e1c76b11c214ab16e1183f4  RPMS/bind-8.2.3-3.3_imnx_5.i386.rpm
  83535ea7a69ab222ccf5c8664bfd66b9  RPMS/bind-devel-8.2.3-3.3_imnx_5.i386.rpm
  7669fedc653731bf54cc0dd48b258a8f  RPMS/bind-utils-8.2.3-3.3_imnx_5.i386.rpm
  445c908f0c4daffe0a153bc7e5514a85  SRPMS/bind-8.2.3-3.3_imnx_5.src.rpm


GPG verification:                                                               
  Our public keys are available at http://download.immunix.org/GPG_KEY
  Immunix, Inc., has changed policy with GPG keys. We maintain several
  keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
  Immunix 7.3 package signing, and 1B7456DA for general security issues.


NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@xxxxxxxxxxxx
  Immunix attempts to conform to the RFP vulnerability disclosure protocol
  http://www.wiretrip.net/rfp/policy.html.

Attachment: pgp6JAACiP98U.pgp
Description: PGP signature