[Full-disclosure] [ MDVSA-2011:176-2 ] bind



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:176-2
http://www.mandriva.com/security/
_______________________________________________________________________

Package : bind
Date : November 18, 2011
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in bind:

Cache lookup could return RRSIG data associated with nonexistent
records, leading to an assertion failure. [ISC RT #26590]
(CVE-2011-4313).

The updated packages have been upgraded to bind 9.7.4-P1 and 9.8.1-P1
which is not vulnerable to this issue.

Update:

Packages provided for Mandriva Enterprise Server 5.2 and Mandriva
Linux 2010.2 with the MDVSA-2011:176 and MDVSA-2011:176-1 advisory
had wrong release numbers effectively preventing installation without
excessive force due previous packaging mistakes. This advisory provides
corrected packages to address the problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
http://www.isc.org/software/bind/advisories/cve-2011-4313
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1:
f39bf36a6c1338c67750fdc06e6c9938 2010.1/i586/bind-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
18ddb3de45d1803f42690d29f193ad51 2010.1/i586/bind-devel-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
44a8b036db1c7658f40c6c29ca94a9b2 2010.1/i586/bind-doc-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
f65351bd5fa6fc2e71e6985613f30a13 2010.1/i586/bind-utils-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
77c232d55313bc0758a26ec95e1f2462 2010.1/SRPMS/bind-9.7.4-0.1.P1.1.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
921dc324393e6b72ec9af179636843a4 2010.1/x86_64/bind-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
738901860b2e5a878338086e06ab62f7 2010.1/x86_64/bind-devel-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
2091b711bf18faec158f2be894d3deed 2010.1/x86_64/bind-doc-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
30da2bada8620c4f7e59db23924da8ee 2010.1/x86_64/bind-utils-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
77c232d55313bc0758a26ec95e1f2462 2010.1/SRPMS/bind-9.7.4-0.1.P1.1.1mdv2010.2.src.rpm

Mandriva Enterprise Server 5:
73d2fef181508b237fc0d74a18c9fc4a mes5/i586/bind-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
ffe081e6ec682e94c1578d4f4c3f5afc mes5/i586/bind-devel-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
8aa53e66aaac5813521c637f300690aa mes5/i586/bind-doc-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
80adc93320f5aaabc031252a8e74a494 mes5/i586/bind-utils-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
6e7372177265cf8aba76855f8577f333 mes5/SRPMS/bind-9.7.4-0.1.P1.1.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
81f88df7104598d1cecfaf07c20e539e mes5/x86_64/bind-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
e148d06c5e27c014974361a88bf6b66f mes5/x86_64/bind-devel-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
0deff4d64a7a0cfc2542d9a6a4539e8b mes5/x86_64/bind-doc-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
771f3758a10b8ef8c4a01ceaa6c6e4bc mes5/x86_64/bind-utils-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
6e7372177265cf8aba76855f8577f333 mes5/SRPMS/bind-9.7.4-0.1.P1.1.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOxkXwmqjQ0CJFipgRAp3YAJ0Xo94vNtFUfsTHI8kbQotHKJ5JFwCggLXg
w7F+KMFHmoO0i3407rWefGI=
=L8A3
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/