[Security Announce] [ MDKSA-2006:163 ] - Updated bind packages fix DoS vulnerabilities
Posted on: 09/08/2006 11:55 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:163
http://www.mandriva.com/security/
_______________________________________________________________________

Package : bind
Date : September 8, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A vulnerability in BIND was discovered where it did not sufficiently
verify particular requests and responses from other name servers and
users. This could be exploited by sending a specially crafted packet
to crash the name server.

Updated packages have been patched to address these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
f14e95ff19bfa75c7929ee3b21798a95 2006.0/RPMS/bind-9.3.1-4.1.20060mdk.i586.rpm
38f966e11d12de632500bfd2800c1623 2006.0/RPMS/bind-devel-9.3.1-4.1.20060mdk.i586.rpm
198704fc19b3e67915d77f97cf419b48 2006.0/RPMS/bind-utils-9.3.1-4.1.20060mdk.i586.rpm
152c8a9ecbe966090d662b1846bfe60e 2006.0/SRPMS/bind-9.3.1-4.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
4643bbda03257d26c1f1357d583d9874 x86_64/2006.0/RPMS/bind-9.3.1-4.1.20060mdk.x86_64.rpm
644fd85e5ba97de405a2fad3104160ef x86_64/2006.0/RPMS/bind-devel-9.3.1-4.1.20060mdk.x86_64.rpm
38b5633ab5f389a3a7d016bad9e8aed5 x86_64/2006.0/RPMS/bind-utils-9.3.1-4.1.20060mdk.x86_64.rpm
152c8a9ecbe966090d662b1846bfe60e x86_64/2006.0/SRPMS/bind-9.3.1-4.1.20060mdk.src.rpm

Corporate 3.0:
266e42515e70f0f18c52c0995e373734 corporate/3.0/RPMS/bind-9.2.3-6.1.C30mdk.i586.rpm
cc4cff0ef231e51c91a4a8a5b7fcc1ab corporate/3.0/RPMS/bind-devel-9.2.3-6.1.C30mdk.i586.rpm
8646f8d5e9e5b4a0bb5c647634c9a505 corporate/3.0/RPMS/bind-utils-9.2.3-6.1.C30mdk.i586.rpm
3eeb44b4945e7ddc8a88c8face7ad8ee corporate/3.0/SRPMS/bind-9.2.3-6.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
5074018335e826c9f144c32bae33d1a1 x86_64/corporate/3.0/RPMS/bind-9.2.3-6.1.C30mdk.x86_64.rpm
457f01b9c2fb71e52d5fda98d39e6a50 x86_64/corporate/3.0/RPMS/bind-devel-9.2.3-6.1.C30mdk.x86_64.rpm
e1bd6a27addb41c1f40751eda2b97b39 x86_64/corporate/3.0/RPMS/bind-utils-9.2.3-6.1.C30mdk.x86_64.rpm
3eeb44b4945e7ddc8a88c8face7ad8ee x86_64/corporate/3.0/SRPMS/bind-9.2.3-6.1.C30mdk.src.rpm

Multi Network Firewall 2.0:
73a6f4e4b2b88017aab39159930b951c mnf/2.0/RPMS/bind-9.2.3-6.1.M20mdk.i586.rpm
f061e1e2fee72bc8e354fe9de6a28999 mnf/2.0/RPMS/bind-utils-9.2.3-6.1.M20mdk.i586.rpm
889150fc6c3befeb2c6b0f06b266d276 mnf/2.0/SRPMS/bind-9.2.3-6.1.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFAcRJmqjQ0CJFipgRAnImAKCgqCPy3kFirjAD6nH6QHiQk/OsfACfYzAP
FcNUYkbzyb9mtzIh7ktxSCU=
=tnPi
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006163__updated_bind_packages_fix_dos_vulnerabilities.html)