Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2009:002 ] bind

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1231576815-14940-7267

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:002

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : bind

Date : January 9, 2009

Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,

Multi Network Firewall 2.0

_______________________________________________________________________

 

Problem Description:

 

A flaw was found in how BIND checked the return value of the OpenSSL

DSA_do_verify() function. On systems that use DNSSEC, a malicious zone

could present a malformed DSA certificate and bypass proper certificate

validation, which would allow for spoofing attacks (CVE-2009-0025).

 

The updated packages have been patched to prevent this issue.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.0:

4d8bb615d789fb539b9d1734c491c478 2008.0/i586/bind-9.4.2-1.2mdv2008.0.i586.rpm

87c1b2fbff77643a31aafdf9c6c09f25 2008.0/i586/bind-devel-9.4.2-1.2mdv2008.0.i586.rpm

6f4dc7ed71be367751ecac86554a32b8 2008.0/i586/bind-utils-9.4.2-1.2mdv2008.0.i586.rpm

df296465880320a5acc53474d218a8fe 2008.0/SRPMS/bind-9.4.2-1.2mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

5c884852aa09f3025ffe058cb54b9f88 2008.0/x86_64/bind-9.4.2-1.2mdv2008.0.x86_64.rpm

69a06c999d5123b56581cacbee4d6501 2008.0/x86_64/bind-devel-9.4.2-1.2mdv2008.0.x86_64.rpm

3e87d9dd7029295d61ff49c745380c68 2008.0/x86_64/bind-utils-9.4.2-1.2mdv2008.0.x86_64.rpm

df296465880320a5acc53474d218a8fe 2008.0/SRPMS/bind-9.4.2-1.2mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

3fcf472a623f98f6b29a16e5ee6413ea 2008.1/i586/bind-9.5.0-3.2mdv2008.1.i586.rpm

27cd99fef44c70694b884dec497034f9 2008.1/i586/bind-devel-9.5.0-3.2mdv2008.1.i586.rpm

c0d3c204df9747afd3e2ecbc73e38a1c 2008.1/i586/bind-doc-9.5.0-3.2mdv2008.1.i586.rpm

1351f683acbbcb69372b57a65dcbbb2b 2008.1/i586/bind-utils-9.5.0-3.2mdv2008.1.i586.rpm

0a6584bc3845c30ce94d810eec3477e1 2008.1/SRPMS/bind-9.5.0-3.2mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

75e03449461a9b6397e3cc272d9b0ae6 2008.1/x86_64/bind-9.5.0-3.2mdv2008.1.x86_64.rpm

4accb3cac93749d2ffcf4ebb1f215e0f 2008.1/x86_64/bind-devel-9.5.0-3.2mdv2008.1.x86_64.rpm

2f392f0c8bf78794e0ab7331b8f9088a 2008.1/x86_64/bind-doc-9.5.0-3.2mdv2008.1.x86_64.rpm

6498639799f3e01b456408690577a136 2008.1/x86_64/bind-utils-9.5.0-3.2mdv2008.1.x86_64.rpm

0a6584bc3845c30ce94d810eec3477e1 2008.1/SRPMS/bind-9.5.0-3.2mdv2008.1.src.rpm

 

Mandriva Linux 2009.0:

ff6666e2f0861d8756c9b3ed9d14ad4a 2009.0/i586/bind-9.5.0-6.1mdv2009.0.i586.rpm

e5cb25e86d6b6eb8cb11af2d35b79338 2009.0/i586/bind-devel-9.5.0-6.1mdv2009.0.i586.rpm

9525660813ecb71afbfa1c1a2752fa81 2009.0/i586/bind-doc-9.5.0-6.1mdv2009.0.i586.rpm

4dd77bef985adbcca799e9c91dff46a9 2009.0/i586/bind-utils-9.5.0-6.1mdv2009.0.i586.rpm

7c6cce8de90bae608e5ce4303a496347 2009.0/SRPMS/bind-9.5.0-6.1mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

879156944fa297b3e031effd85321a50 2009.0/x86_64/bind-9.5.0-6.1mdv2009.0.x86_64.rpm

83010c9835b1999368d06bc0eea1e7e4 2009.0/x86_64/bind-devel-9.5.0-6.1mdv2009.0.x86_64.rpm

f1a9cb081c1f8623bc989405f616fa94 2009.0/x86_64/bind-doc-9.5.0-6.1mdv2009.0.x86_64.rpm

ddee11a2ab8ba4cc4f110a137f2e23c3 2009.0/x86_64/bind-utils-9.5.0-6.1mdv2009.0.x86_64.rpm

7c6cce8de90bae608e5ce4303a496347 2009.0/SRPMS/bind-9.5.0-6.1mdv2009.0.src.rpm

 

Corporate 3.0:

bc30691c6e5090346b7b204ec5702b2b corporate/3.0/i586/bind-9.2.3-6.6.C30mdk.i586.rpm

36f94ef2e1ab87fbb0d0039a870377ac corporate/3.0/i586/bind-devel-9.2.3-6.6.C30mdk.i586.rpm

1afb8d0888ead2090dc90b261b76acc7 corporate/3.0/i586/bind-utils-9.2.3-6.6.C30mdk.i586.rpm

a5fc0a956fd0c43b6358ce8d3f00ac0c corporate/3.0/SRPMS/bind-9.2.3-6.6.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

01aabfe65e5ad6cf2cd211ce180e30a4 corporate/3.0/x86_64/bind-9.2.3-6.6.C30mdk.x86_64.rpm

2981532cd1f67dcf453e0639c32a7444 corporate/3.0/x86_64/bind-devel-9.2.3-6.6.C30mdk.x86_64.rpm

db5dc5dec31f79b9f66b012ccea864ad corporate/3.0/x86_64/bind-utils-9.2.3-6.6.C30mdk.x86_64.rpm

a5fc0a956fd0c43b6358ce8d3f00ac0c corporate/3.0/SRPMS/bind-9.2.3-6.6.C30mdk.src.rpm

 

Corporate 4.0:

adbb89552fe47bedca9510c4dc5afb2b corporate/4.0/i586/bind-9.3.5-0.5.20060mlcs4.i586.rpm

c97730040fc5fdec50b27af01400a654 corporate/4.0/i586/bind-devel-9.3.5-0.5.20060mlcs4.i586.rpm

cda9dbdf5812985e082791b6d42d7d63 corporate/4.0/i586/bind-utils-9.3.5-0.5.20060mlcs4.i586.rpm

850659a5404cd6e73e5052d614b4416f corporate/4.0/SRPMS/bind-9.3.5-0.5.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

fb0661018bc620472223e91e0ef04b6f corporate/4.0/x86_64/bind-9.3.5-0.5.20060mlcs4.x86_64.rpm

f53884c61cb11ad263cf01a0ca80daf3 corporate/4.0/x86_64/bind-devel-9.3.5-0.5.20060mlcs4.x86_64.rpm

a2f0c5584fc77fd70e6ff141777e4d4a corporate/4.0/x86_64/bind-utils-9.3.5-0.5.20060mlcs4.x86_64.rpm

850659a5404cd6e73e5052d614b4416f corporate/4.0/SRPMS/bind-9.3.5-0.5.20060mlcs4.src.rpm

 

Multi Network Firewall 2.0:

2d1c2f239e0a90313660d86f2cad4683 mnf/2.0/i586/bind-9.2.3-6.6.C30mdk.i586.rpm

8726156318e340d26daddb13298385b2 mnf/2.0/i586/bind-utils-9.2.3-6.6.C30mdk.i586.rpm

804c4e42357c6f07d63e01be282dc61e mnf/2.0/SRPMS/bind-9.2.3-6.6.C30mdk.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFJaDAomqjQ0CJFipgRAruWAJ9ZmLS9ivqvwD+BYD9TnEoqvMK54gCgwWBO

n9zIalX1gWk8PYiirOYPFyg=

=vTsr

-----END PGP SIGNATURE-----

 

 

------------=_1231576815-14940-7267

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1231576815-14940-7267--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×