<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2006:163 ] - Updated bind packages fix DoS vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:163
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : bind
 Date    : September 8, 2006
 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in BIND was discovered where it did not sufficiently
 verify particular requests and responses from other name servers and
 users.  This could be exploited by sending a specially crafted packet
 to crash the name server.
                                                                                
 
 Updated packages have been patched to address these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 f14e95ff19bfa75c7929ee3b21798a95  2006.0/RPMS/bind-9.3.1-4.1.20060mdk.i586.rpm
 38f966e11d12de632500bfd2800c1623  
2006.0/RPMS/bind-devel-9.3.1-4.1.20060mdk.i586.rpm
 198704fc19b3e67915d77f97cf419b48  
2006.0/RPMS/bind-utils-9.3.1-4.1.20060mdk.i586.rpm
 152c8a9ecbe966090d662b1846bfe60e  2006.0/SRPMS/bind-9.3.1-4.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 4643bbda03257d26c1f1357d583d9874  
x86_64/2006.0/RPMS/bind-9.3.1-4.1.20060mdk.x86_64.rpm
 644fd85e5ba97de405a2fad3104160ef  
x86_64/2006.0/RPMS/bind-devel-9.3.1-4.1.20060mdk.x86_64.rpm
 38b5633ab5f389a3a7d016bad9e8aed5  
x86_64/2006.0/RPMS/bind-utils-9.3.1-4.1.20060mdk.x86_64.rpm
 152c8a9ecbe966090d662b1846bfe60e  
x86_64/2006.0/SRPMS/bind-9.3.1-4.1.20060mdk.src.rpm

 Corporate 3.0:
 266e42515e70f0f18c52c0995e373734  
corporate/3.0/RPMS/bind-9.2.3-6.1.C30mdk.i586.rpm
 cc4cff0ef231e51c91a4a8a5b7fcc1ab  
corporate/3.0/RPMS/bind-devel-9.2.3-6.1.C30mdk.i586.rpm
 8646f8d5e9e5b4a0bb5c647634c9a505  
corporate/3.0/RPMS/bind-utils-9.2.3-6.1.C30mdk.i586.rpm
 3eeb44b4945e7ddc8a88c8face7ad8ee  
corporate/3.0/SRPMS/bind-9.2.3-6.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 5074018335e826c9f144c32bae33d1a1  
x86_64/corporate/3.0/RPMS/bind-9.2.3-6.1.C30mdk.x86_64.rpm
 457f01b9c2fb71e52d5fda98d39e6a50  
x86_64/corporate/3.0/RPMS/bind-devel-9.2.3-6.1.C30mdk.x86_64.rpm
 e1bd6a27addb41c1f40751eda2b97b39  
x86_64/corporate/3.0/RPMS/bind-utils-9.2.3-6.1.C30mdk.x86_64.rpm
 3eeb44b4945e7ddc8a88c8face7ad8ee  
x86_64/corporate/3.0/SRPMS/bind-9.2.3-6.1.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 73a6f4e4b2b88017aab39159930b951c  mnf/2.0/RPMS/bind-9.2.3-6.1.M20mdk.i586.rpm
 f061e1e2fee72bc8e354fe9de6a28999  
mnf/2.0/RPMS/bind-utils-9.2.3-6.1.M20mdk.i586.rpm
 889150fc6c3befeb2c6b0f06b266d276  mnf/2.0/SRPMS/bind-9.2.3-6.1.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFAcRJmqjQ0CJFipgRAnImAKCgqCPy3kFirjAD6nH6QHiQk/OsfACfYzAP
FcNUYkbzyb9mtzIh7ktxSCU=
=tnPi
-----END PGP SIGNATURE-----