[Security Announce] [ MDVSA-2008:139 ] - Updated BIND packages fix critical DNS vulnerability

[news 28]

This is a multi-part message in MIME format...

 

------------=_1215644132-11275-7241

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:139

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : bind

Date : July 9, 2008

Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,

Multi Network Firewall 2.0

_______________________________________________________________________

 

Problem Description:

 

A weakness was found in the DNS protocol by Dan Kaminsky. A remote

attacker could exploit this weakness to spoof DNS entries and poison

DNS caches. This could be used to misdirect users and services;

i.e. for web and email traffic (CVE-2008-1447).

 

This update provides the latest stable BIND releases for all platforms

except Corporate Server/Desktop 3.0 and MNF2, which have been patched

to correct the issue.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2007.1:

73cc24fc9586b7ab290d755012c16a79 2007.1/i586/bind-9.4.2-0.1mdv2007.1.i586.rpm

70867c50cfd64b4406aa002d627d740b 2007.1/i586/bind-devel-9.4.2-0.1mdv2007.1.i586.rpm

3603e9d9115466753397a1f472011703 2007.1/i586/bind-utils-9.4.2-0.1mdv2007.1.i586.rpm

cf5e4100ecb21a4eb603831e5a6ec23d 2007.1/SRPMS/bind-9.4.2-0.1mdv2007.1.src.rpm

 

Mandriva Linux 2007.1/X86_64:

4eb7ce0984d3ce3befff667392e3bf3e 2007.1/x86_64/bind-9.4.2-0.1mdv2007.1.x86_64.rpm

d7b9a9e7d4c52a5b0c54f59ca20bf2d5 2007.1/x86_64/bind-devel-9.4.2-0.1mdv2007.1.x86_64.rpm

c5c66c9609615029d2f07f7b09a63118 2007.1/x86_64/bind-utils-9.4.2-0.1mdv2007.1.x86_64.rpm

cf5e4100ecb21a4eb603831e5a6ec23d 2007.1/SRPMS/bind-9.4.2-0.1mdv2007.1.src.rpm

 

Mandriva Linux 2008.0:

52dfe3970fcd9495b2bb9379a9312b25 2008.0/i586/bind-9.4.2-1mdv2008.0.i586.rpm

97d20d35b6814aa2f9fab549ca6237c0 2008.0/i586/bind-devel-9.4.2-1mdv2008.0.i586.rpm

87a7bb3dd25abd8cd882a8f2fdc2398e 2008.0/i586/bind-utils-9.4.2-1mdv2008.0.i586.rpm

da4444a8074e6ede39dfa557fb258db7 2008.0/SRPMS/bind-9.4.2-1mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

b9d0337363bc1e2b14505f25d4ee5f99 2008.0/x86_64/bind-9.4.2-1mdv2008.0.x86_64.rpm

9b75e2a96784c00c2912bc3bf333d089 2008.0/x86_64/bind-devel-9.4.2-1mdv2008.0.x86_64.rpm

0a593b090d9e6bda3666e234056e19ba 2008.0/x86_64/bind-utils-9.4.2-1mdv2008.0.x86_64.rpm

da4444a8074e6ede39dfa557fb258db7 2008.0/SRPMS/bind-9.4.2-1mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

2534ef007262d4ea2d219bab0190466c 2008.1/i586/bind-9.5.0-3mdv2008.1.i586.rpm

c3feee5d05aa3aee14cd70a2d295d0b1 2008.1/i586/bind-devel-9.5.0-3mdv2008.1.i586.rpm

f306c06665b723a2530258e6d1dbdae2 2008.1/i586/bind-doc-9.5.0-3mdv2008.1.i586.rpm

967ef80628f92160930bc3a3827a216e 2008.1/i586/bind-utils-9.5.0-3mdv2008.1.i586.rpm

70fc7a7964944a2926979710c5148ed1 2008.1/SRPMS/bind-9.5.0-3mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

3f4d96d7a7f913c141e1f63cdc7e7336 2008.1/x86_64/bind-9.5.0-3mdv2008.1.x86_64.rpm

420db658366763686198f41394aa72b3 2008.1/x86_64/bind-devel-9.5.0-3mdv2008.1.x86_64.rpm

6f3674f68311494c5a9ff0dbce831e82 2008.1/x86_64/bind-doc-9.5.0-3mdv2008.1.x86_64.rpm

4294b3a086b89bf53c5c967c17962447 2008.1/x86_64/bind-utils-9.5.0-3mdv2008.1.x86_64.rpm

70fc7a7964944a2926979710c5148ed1 2008.1/SRPMS/bind-9.5.0-3mdv2008.1.src.rpm

 

Corporate 3.0:

de2a4372d1c25d73f343c9fcb044c9dd corporate/3.0/i586/bind-9.2.3-6.5.C30mdk.i586.rpm

1f24f6dbdb6c02e21cbbef99555049cb corporate/3.0/i586/bind-devel-9.2.3-6.5.C30mdk.i586.rpm

00405b98290d5a41f226081baa57e18d corporate/3.0/i586/bind-utils-9.2.3-6.5.C30mdk.i586.rpm

6a237dc290f4f7c463b1996e6a4a4515 corporate/3.0/SRPMS/bind-9.2.3-6.5.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

628162f3d6a414828d2231fefc46842b corporate/3.0/x86_64/bind-9.2.3-6.5.C30mdk.x86_64.rpm

dd29ff31a9cffcc1b20fd045869d7013 corporate/3.0/x86_64/bind-devel-9.2.3-6.5.C30mdk.x86_64.rpm

c475c1a4d048e04da1fc27dcbb17c3f3 corporate/3.0/x86_64/bind-utils-9.2.3-6.5.C30mdk.x86_64.rpm

6a237dc290f4f7c463b1996e6a4a4515 corporate/3.0/SRPMS/bind-9.2.3-6.5.C30mdk.src.rpm

 

Corporate 4.0:

271ead204904be302d197cd542f5ae23 corporate/4.0/i586/bind-9.3.5-0.4.20060mlcs4.i586.rpm

42413dcc1cf053e735216f767eff4e5d corporate/4.0/i586/bind-devel-9.3.5-0.4.20060mlcs4.i586.rpm

0201afe493a41e1deedc9bf7e9725f4a corporate/4.0/i586/bind-utils-9.3.5-0.4.20060mlcs4.i586.rpm

86bc0cdc9ed1b959b6f56e0660268f2e corporate/4.0/SRPMS/bind-9.3.5-0.4.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

b1a18a7d0578dab7bd825eda6c682b3d corporate/4.0/x86_64/bind-9.3.5-0.4.20060mlcs4.x86_64.rpm

6a2ebd550feb9147058de05b1a1ef04d corporate/4.0/x86_64/bind-devel-9.3.5-0.4.20060mlcs4.x86_64.rpm

670a1b934ce4974b8505018ab69ade0b corporate/4.0/x86_64/bind-utils-9.3.5-0.4.20060mlcs4.x86_64.rpm

86bc0cdc9ed1b959b6f56e0660268f2e corporate/4.0/SRPMS/bind-9.3.5-0.4.20060mlcs4.src.rpm

 

Multi Network Firewall 2.0:

5b694c24cc2092e38f531dbfdd5c9d41 mnf/2.0/i586/bind-9.2.3-6.5.C30mdk.i586.rpm

c08bc805027059c47bed32215f17eacb mnf/2.0/i586/bind-utils-9.2.3-6.5.C30mdk.i586.rpm

39225289516498e1b071c5059306f2b9 mnf/2.0/SRPMS/bind-9.2.3-6.5.C30mdk.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFIdPwTmqjQ0CJFipgRAm9AAJ9/UOAuOWDL1KgnMNGM/224QGUNQgCfW+G9

J7qxrU208lhOcIjhtq8FWX8=

=91dV

-----END PGP SIGNATURE-----

 

 

------------=_1215644132-11275-7241

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1215644132-11275-7241--