LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2011:176-2: bind Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A vulnerability was discovered and corrected in bind: Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. [ISC RT #26590] (CVE-2011-4313). [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2011:176-2
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : bind
 Date    : November 18, 2011
 Affected: 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in bind:
 
 Cache lookup could return RRSIG data associated with nonexistent
 records, leading to an assertion failure. [ISC RT #26590]
 (CVE-2011-4313).
 
 The updated packages have been upgraded to bind 9.7.4-P1 and 9.8.1-P1
 which is not vulnerable to this issue.

 Update:

 Packages provided for Mandriva Enterprise Server 5.2 and Mandriva
 Linux 2010.2 with the MDVSA-2011:176 and MDVSA-2011:176-1 advisory
 had wrong release numbers effectively preventing installation without
 excessive force due previous packaging mistakes. This advisory provides
 corrected packages to address the problem.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
 http://www.isc.org/software/bind/advisories/cve-2011-4313
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 f39bf36a6c1338c67750fdc06e6c9938  2010.1/i586/bind-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
 18ddb3de45d1803f42690d29f193ad51  2010.1/i586/bind-devel-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
 44a8b036db1c7658f40c6c29ca94a9b2  2010.1/i586/bind-doc-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
 f65351bd5fa6fc2e71e6985613f30a13  2010.1/i586/bind-utils-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm 
 77c232d55313bc0758a26ec95e1f2462  2010.1/SRPMS/bind-9.7.4-0.1.P1.1.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 921dc324393e6b72ec9af179636843a4  2010.1/x86_64/bind-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
 738901860b2e5a878338086e06ab62f7  2010.1/x86_64/bind-devel-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
 2091b711bf18faec158f2be894d3deed  2010.1/x86_64/bind-doc-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
 30da2bada8620c4f7e59db23924da8ee  2010.1/x86_64/bind-utils-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm 
 77c232d55313bc0758a26ec95e1f2462  2010.1/SRPMS/bind-9.7.4-0.1.P1.1.1mdv2010.2.src.rpm

 Mandriva Enterprise Server 5:
 73d2fef181508b237fc0d74a18c9fc4a  mes5/i586/bind-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
 ffe081e6ec682e94c1578d4f4c3f5afc  mes5/i586/bind-devel-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
 8aa53e66aaac5813521c637f300690aa  mes5/i586/bind-doc-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
 80adc93320f5aaabc031252a8e74a494  mes5/i586/bind-utils-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm 
 6e7372177265cf8aba76855f8577f333  mes5/SRPMS/bind-9.7.4-0.1.P1.1.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 81f88df7104598d1cecfaf07c20e539e  mes5/x86_64/bind-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
 e148d06c5e27c014974361a88bf6b66f  mes5/x86_64/bind-devel-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
 0deff4d64a7a0cfc2542d9a6a4539e8b  mes5/x86_64/bind-doc-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
 771f3758a10b8ef8c4a01ceaa6c6e4bc  mes5/x86_64/bind-utils-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm 
 6e7372177265cf8aba76855f8577f333  mes5/SRPMS/bind-9.7.4-0.1.P1.1.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Mobile Device Encryption Could Lead to a ‘Very, Very Dark Place’, FBI Director Says
What a hacker can learn about your life from the coffee shop’s Wi-Fi network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.