Ispravljen je sigurnosni propust otkriven u radu programskog paketa BIND, a koji napadač može iskoristiti za izvođenje DoS napada.

   SUSE Security Update: bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0608-1
Rating:             important
References:         #696585 
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that contains security fixes can now be
   installed. It includes one version update.

Description:


   This update provides bind 9.6ESVR4P1 which fixes a denial
   of service  vulnerability that can be triggered by very
   large RRSIG RRsets in a  negative response and crash named.
   (CVE-2011-1910
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
   > )

   It further provides a fix for a defect which may cause
   queries for .com  names to fail with validation errors when
   DNSSEC records for the .com zone  are initially inserted
   into the root zone.

   Please refer to
   https://www.isc.org/software/bind/new-features/9.6
   <https://www.isc.org/software/bind/new-features/9.6> for
   more information  on additional improvements and bug fixes.

Indications:

   Every user of Bind9 should update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New
Version: 9.6ESVR4P1]:

      bind-9.6ESVR4P1-0.12.1
      bind-chrootenv-9.6ESVR4P1-0.12.1
      bind-devel-9.6ESVR4P1-0.12.1
      bind-doc-9.6ESVR4P1-0.12.1
      bind-libs-9.6ESVR4P1-0.12.1
      bind-utils-9.6ESVR4P1-0.12.1

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version:
9.6ESVR4P1]:

      bind-libs-32bit-9.6ESVR4P1-0.12.1

   - SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 9.6ESVR4P1]:

      bind-libs-x86-9.6ESVR4P1-0.12.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 9.6ESVR4P1]:

      bind-devel-64bit-9.6ESVR4P1-0.12.1
      bind-libs-64bit-9.6ESVR4P1-0.12.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version:
9.6ESVR4P1]:

      bind-libs-9.6ESVR4P1-0.12.1
      bind-utils-9.6ESVR4P1-0.12.1

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 9.6ESVR4P1]:

      bind-libs-32bit-9.6ESVR4P1-0.12.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 9.6ESVR4P1]:

      bind-9.6ESVR4P1-0.12.1
      bind-chrootenv-9.6ESVR4P1-0.12.1
      bind-devel-9.6ESVR4P1-0.12.1
      bind-doc-9.6ESVR4P1-0.12.1

   - SLE SDK 10 SP4 (ppc) [New Version: 9.6ESVR4P1]:

      bind-devel-64bit-9.6ESVR4P1-0.12.1


References:

   https://bugzilla.novell.com/696585
  
http://download.novell.com/patch/finder/?keywords=a1d2052c172e9b480eca0dec27439b16

-- 
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.