-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:089 http://www.mandriva.com/security/ _______________________________________________________________________ Package : bind Date : June 10, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability was discovered and corrected in bind: ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record (CVE-2012-1667). The updated packages have been upgraded to bind 9.7.6-P1 and 9.8.3-P1 which is not vulnerable to this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667 http://www.isc.org/software/bind/advisories/cve-2012-1667 ftp://ftp.isc.org/isc/bind9/9.7.6-P1/RELEASE-NOTES-BIND-9.7.6-P1.txt ftp://ftp.isc.org/isc/bind9/9.8.3-P1/RELEASE-NOTES-BIND-9.8.3-P1.txt _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: a4136df144ce0ef0781484627484bc3f 2010.1/i586/bind-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm 830f7b84cf2891303b700f5336ee5e8d 2010.1/i586/bind-devel-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm fc21a051f543d69e15bd4fe5e5cb10a0 2010.1/i586/bind-doc-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm da27c14c4b98d3866682bc7e5d76ad8d 2010.1/i586/bind-utils-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm f00a92647f3f43aa8f9d906dbf11094a 2010.1/SRPMS/bind-9.7.6-0.0.P1.0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 115a51a772e1ea94bf8af6bb28996bdb 2010.1/x86_64/bind-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm d79ad8c6cb1a6b784d935b13a7b2fe15 2010.1/x86_64/bind-devel-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm 901e102627a664dad0f464cd385e7fb2 2010.1/x86_64/bind-doc-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm 60b40f20a525dfa67302252caf2bcb33 2010.1/x86_64/bind-utils-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm f00a92647f3f43aa8f9d906dbf11094a 2010.1/SRPMS/bind-9.7.6-0.0.P1.0.1mdv2010.2.src.rpm Mandriva Linux 2011: 16926abc70e854a0b58b7469ef1d77c7 2011/i586/bind-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm b265f7b3f622b60848f9659bbe6cd0a8 2011/i586/bind-devel-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm 3b4e397326b5196736ce9c2f373c4447 2011/i586/bind-doc-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm e3c925102fee466f43be8a94cf0852da 2011/i586/bind-utils-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm a54ef9cfd588215069052d5ca3df8005 2011/SRPMS/bind-9.8.3-0.0.P1.0.1.src.rpm Mandriva Linux 2011/X86_64: f006220d59f7f9e9ff6f24d6dfb2719d 2011/x86_64/bind-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm e6d643c23141dd4b3312728001c03df5 2011/x86_64/bind-devel-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm ffc9fccb94a33172c5e0ca1984702bbf 2011/x86_64/bind-doc-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm a34967d48b339fb807e769b3a20788a9 2011/x86_64/bind-utils-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm a54ef9cfd588215069052d5ca3df8005 2011/SRPMS/bind-9.8.3-0.0.P1.0.1.src.rpm Mandriva Enterprise Server 5: c3aa5e672f6b03ff34be06ca8720df55 mes5/i586/bind-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm ac267bb10d0403e2eed5982441dc833e mes5/i586/bind-devel-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm cde8a82803d1562b1d63c632db9b15ac mes5/i586/bind-doc-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm a53c6290a90c9fd6b11fd1f68686bcca mes5/i586/bind-utils-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm 1c9f0bbac5e8683cf36c119fce7fb1f5 mes5/SRPMS/bind-9.7.6-0.0.P1.0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 552f5c44303d73c8701e174fd6555e68 mes5/x86_64/bind-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm 9ace83917f5db66354b58dd085488f2e mes5/x86_64/bind-devel-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm 3cf233df1f5e677b120ec3c26333b9ff mes5/x86_64/bind-doc-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm 69a3801fcecbd480f97aa7825714f8fd mes5/x86_64/bind-utils-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm 1c9f0bbac5e8683cf36c119fce7fb1f5 mes5/SRPMS/bind-9.7.6-0.0.P1.0.1mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFP1FjRmqjQ0CJFipgRAjWhAKDCW3YpIL8J6xcMyNU9ipEJXLa+qACgqkEc wr9IaDsAueQ2fsX+Lg0P+Bg= =y/KY -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/