-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:253 http://www.mandriva.com/security/ _______________________________________________________________________ Package : bind Date : December 14, 2010 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities were discovered and corrected in bind: named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data (CVE-2010-3613). named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover (CVE-2010-3614). ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query (CVE-2010-3762). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages for Corporate Server 4.0 has been patched to address these issues. The updated packages for Mandriva Linux 2009.0, 2010.0 and Mandriva Linux Enterprise Server 5.1 has been upgraded to bind-9.6.2-P3 and patched to address the CVE-2010-3762 security issue. The updated packages for Mandriva Linux 2010.1 has been upgraded to bind-9.7.2-P3 which is not vulnerable to these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3762 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: c244e578f17c88632203ae229e930319 2009.0/i586/bind-9.6.2-0.2mdv2009.0.i586.rpm 7394a97fb84683afd1e99643be659dbe 2009.0/i586/bind-devel-9.6.2-0.2mdv2009.0.i586.rpm d4ec2420805067df8e5dfa615253d9d5 2009.0/i586/bind-doc-9.6.2-0.2mdv2009.0.i586.rpm 49b9e3f63f5cb5e4f17f1d471c96693d 2009.0/i586/bind-utils-9.6.2-0.2mdv2009.0.i586.rpm de6adf490a34d59d2a5478b13d1fcae6 2009.0/SRPMS/bind-9.6.2-0.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: f100a5d94b32d4ea354010205dd61c95 2009.0/x86_64/bind-9.6.2-0.2mdv2009.0.x86_64.rpm 0b7d2dec10b7d523225c8fc072942a3f 2009.0/x86_64/bind-devel-9.6.2-0.2mdv2009.0.x86_64.rpm 4762a0979b196d4fe2f9ec597b9bab17 2009.0/x86_64/bind-doc-9.6.2-0.2mdv2009.0.x86_64.rpm 11a3f380c29d0167305a14789f0a1342 2009.0/x86_64/bind-utils-9.6.2-0.2mdv2009.0.x86_64.rpm de6adf490a34d59d2a5478b13d1fcae6 2009.0/SRPMS/bind-9.6.2-0.2mdv2009.0.src.rpm Mandriva Linux 2010.0: 26070dd85164e6a55d525b0911d8a5b9 2010.0/i586/bind-9.6.2-0.2mdv2010.0.i586.rpm 3462f0f35c63e10bc7c434c41ed920ed 2010.0/i586/bind-devel-9.6.2-0.2mdv2010.0.i586.rpm e9de811a81102bb59e88f0203c2d6c2f 2010.0/i586/bind-doc-9.6.2-0.2mdv2010.0.i586.rpm 74bf83c6d618bee1a271dfb4b5fe90d9 2010.0/i586/bind-utils-9.6.2-0.2mdv2010.0.i586.rpm 66fa1bdf42920a011ce35fadfa8599ec 2010.0/SRPMS/bind-9.6.2-0.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 8d5dfbfed95fcde4f4e1f7f55d843d53 2010.0/x86_64/bind-9.6.2-0.2mdv2010.0.x86_64.rpm c924c51f720f698392acc9499b279574 2010.0/x86_64/bind-devel-9.6.2-0.2mdv2010.0.x86_64.rpm 4b9f532080b0235765892643c26b3b34 2010.0/x86_64/bind-doc-9.6.2-0.2mdv2010.0.x86_64.rpm 4c49ead6f31cb62620ecad95ac347ce5 2010.0/x86_64/bind-utils-9.6.2-0.2mdv2010.0.x86_64.rpm 66fa1bdf42920a011ce35fadfa8599ec 2010.0/SRPMS/bind-9.6.2-0.2mdv2010.0.src.rpm Mandriva Linux 2010.1: c602faaa5ecf406a50c1d54e213b005f 2010.1/i586/bind-9.7.2-0.1mdv2010.1.i586.rpm 0c0fb39f374e7bff06bcd41f0620f1b5 2010.1/i586/bind-devel-9.7.2-0.1mdv2010.1.i586.rpm 36beded6f33d63195c49e5acc60fab0c 2010.1/i586/bind-doc-9.7.2-0.1mdv2010.1.i586.rpm 90f759a7980f943a9d523474fa24579d 2010.1/i586/bind-utils-9.7.2-0.1mdv2010.1.i586.rpm 5c5652897cdac3de831240c456133b1f 2010.1/SRPMS/bind-9.7.2-0.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: 6d0b4ae6a7c1dca2be5e9be73e7eda07 2010.1/x86_64/bind-9.7.2-0.1mdv2010.1.x86_64.rpm 6eb3a612e530882ef3f11afaf6b9ec87 2010.1/x86_64/bind-devel-9.7.2-0.1mdv2010.1.x86_64.rpm 9f20502ce9b0c2ab21365599cc9f4ceb 2010.1/x86_64/bind-doc-9.7.2-0.1mdv2010.1.x86_64.rpm edd121e4fa630341dac046eadc16cc53 2010.1/x86_64/bind-utils-9.7.2-0.1mdv2010.1.x86_64.rpm 5c5652897cdac3de831240c456133b1f 2010.1/SRPMS/bind-9.7.2-0.1mdv2010.1.src.rpm Corporate 4.0: d9db6823d848635aab7d6d921a9ebaf4 corporate/4.0/i586/bind-9.4.3-0.3.20060mlcs4.i586.rpm f7094ed0272958e9720eaabff0aafd83 corporate/4.0/i586/bind-devel-9.4.3-0.3.20060mlcs4.i586.rpm da816b14327efc578e4b0d101241581d corporate/4.0/i586/bind-utils-9.4.3-0.3.20060mlcs4.i586.rpm b97e6cf67d71523d5e33632753f35f02 corporate/4.0/SRPMS/bind-9.4.3-0.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: d053173af842b307695607d452225b35 corporate/4.0/x86_64/bind-9.4.3-0.3.20060mlcs4.x86_64.rpm 7a5300f1416dc460b83a40e414c764d6 corporate/4.0/x86_64/bind-devel-9.4.3-0.3.20060mlcs4.x86_64.rpm 6d7f188606387b45595bb3ec21df8737 corporate/4.0/x86_64/bind-utils-9.4.3-0.3.20060mlcs4.x86_64.rpm b97e6cf67d71523d5e33632753f35f02 corporate/4.0/SRPMS/bind-9.4.3-0.3.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 18c0520c2d8735774fe47228a8c54431 mes5/i586/bind-9.6.2-0.2mdvmes5.1.i586.rpm 9704ba9bb67980d9863156ef9b25b40e mes5/i586/bind-devel-9.6.2-0.2mdvmes5.1.i586.rpm 944c833994bee486555c9800e818012e mes5/i586/bind-doc-9.6.2-0.2mdvmes5.1.i586.rpm 7a79ab5505f2eecdd19ecadfd815da72 mes5/i586/bind-utils-9.6.2-0.2mdvmes5.1.i586.rpm 0b5fcb3ae14aecb82b6ed5b96620e43e mes5/SRPMS/bind-9.6.2-0.2mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: c854520bb790fc3fdbefdfb996a17ec5 mes5/x86_64/bind-9.6.2-0.2mdvmes5.1.x86_64.rpm 5326c0f0f80115d75174dbb4e200e505 mes5/x86_64/bind-devel-9.6.2-0.2mdvmes5.1.x86_64.rpm e181f7817735b9ac929f103719d815f2 mes5/x86_64/bind-doc-9.6.2-0.2mdvmes5.1.x86_64.rpm b87c781974853007429b7ce6801fbf5f mes5/x86_64/bind-utils-9.6.2-0.2mdvmes5.1.x86_64.rpm 0b5fcb3ae14aecb82b6ed5b96620e43e mes5/SRPMS/bind-9.6.2-0.2mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNB5famqjQ0CJFipgRAvVVAKDRz+ErWGSYv2Zlit5z2vYxC1oy5gCgv+sZ KzGENR8HDB+JHGGJvvGlKKo= =lmTu -----END PGP SIGNATURE-----