Sigurnosni propust paketa Bind

U radu programskog paketa Bind uočen je sigurnosni propust kojeg udaljeni napadač može iskoristiti za rušenje programa.

Paket:	BIND 9.x
Operacijski sustavi:	Mandriva Linux 2010.1, Mandriva Linux Enterprise Server 5.0
Kritičnost:	7.8
Problem:	pogreška u programskoj komponenti
Iskorištavanje:	udaljeno
Posljedica:	uskraćivanje usluga (DoS)
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2011-4313
Izvorni ID preporuke:	MDVSA-2011:176
Izvor:	Mandriva

Problem:
Sigurnosni nedostatak je posljedica pogreške u programskoj komponenti "query.c".
Posljedica:
Udaljeni napadač navedenu ranjivost može iskoristiti za napad uskraćivanjem usluga (eng. Denial of Service).
Rješenje:
Svim se korisnicima navedenog programskog paketa savjetuje njegova nadogradnja na novije inačice.

Izvorni tekst preporuke

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2011:176-2
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : bind
 Date    : November 18, 2011
 Affected: 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in bind:
 
 Cache lookup could return RRSIG data associated with nonexistent
 records, leading to an assertion failure. [ISC RT #26590]
 (CVE-2011-4313).
 
 The updated packages have been upgraded to bind 9.7.4-P1 and 9.8.1-P1
 which is not vulnerable to this issue.

 Update:

 Packages provided for Mandriva Enterprise Server 5.2 and Mandriva
 Linux 2010.2 with the MDVSA-2011:176 and MDVSA-2011:176-1 advisory
 had wrong release numbers effectively preventing installation without
 excessive force due previous packaging mistakes. This advisory provides
 corrected packages to address the problem.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
 http://www.isc.org/software/bind/advisories/cve-2011-4313
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 f39bf36a6c1338c67750fdc06e6c9938 
2010.1/i586/bind-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
 18ddb3de45d1803f42690d29f193ad51 
2010.1/i586/bind-devel-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
 44a8b036db1c7658f40c6c29ca94a9b2 
2010.1/i586/bind-doc-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
 f65351bd5fa6fc2e71e6985613f30a13 
2010.1/i586/bind-utils-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm 
 77c232d55313bc0758a26ec95e1f2462 
2010.1/SRPMS/bind-9.7.4-0.1.P1.1.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 921dc324393e6b72ec9af179636843a4 
2010.1/x86_64/bind-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
 738901860b2e5a878338086e06ab62f7 
2010.1/x86_64/bind-devel-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
 2091b711bf18faec158f2be894d3deed 
2010.1/x86_64/bind-doc-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
 30da2bada8620c4f7e59db23924da8ee 
2010.1/x86_64/bind-utils-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm 
 77c232d55313bc0758a26ec95e1f2462 
2010.1/SRPMS/bind-9.7.4-0.1.P1.1.1mdv2010.2.src.rpm

 Mandriva Enterprise Server 5:
 73d2fef181508b237fc0d74a18c9fc4a 
mes5/i586/bind-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
 ffe081e6ec682e94c1578d4f4c3f5afc 
mes5/i586/bind-devel-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
 8aa53e66aaac5813521c637f300690aa 
mes5/i586/bind-doc-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
 80adc93320f5aaabc031252a8e74a494 
mes5/i586/bind-utils-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm 
 6e7372177265cf8aba76855f8577f333 
mes5/SRPMS/bind-9.7.4-0.1.P1.1.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 81f88df7104598d1cecfaf07c20e539e 
mes5/x86_64/bind-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
 e148d06c5e27c014974361a88bf6b66f 
mes5/x86_64/bind-devel-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
 0deff4d64a7a0cfc2542d9a6a4539e8b 
mes5/x86_64/bind-doc-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
 771f3758a10b8ef8c4a01ceaa6c6e4bc 
mes5/x86_64/bind-utils-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm 
 6e7372177265cf8aba76855f8577f333 
mes5/SRPMS/bind-9.7.4-0.1.P1.1.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOxkXwmqjQ0CJFipgRAp3YAJ0Xo94vNtFUfsTHI8kbQotHKJ5JFwCggLXg
w7F+KMFHmoO0i3407rWefGI=
=L8A3
-----END PGP SIGNATURE-----

Sigurnosni propust paketa Bind

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Sigurnosni propust paketa Bind

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti