-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2009:304
http://www.mandriva.com/security/
_______________________________________________________________________

Package : bind
Date    : November 26, 2009
Affected: 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Some vulnerabilities were discovered and corrected in bind:

Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5
before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3,
and 9.0.x through 9.3.x with DNSSEC validation enabled and checking
disabled (CD), allows remote attackers to conduct DNS cache poisoning
attacks via additional sections in a response sent for resolution
of a recursive client query, which is not properly handled when the
response is processed at the same time as requesting DNSSEC records
(DO). (CVE-2009-4022).

Additionally BIND has been upgraded to the latest point release or
closest supported version by ISC.
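The affected ranges above can be checked mechanically. The following is an added example, not part of the Mandriva advisory or of ISC's code: it orders upstream BIND version strings (the form `named -v` prints after the word BIND), treating alpha, beta and rc tags as earlier than the final release and `-P` levels as later. The function names are hypothetical, and distribution package release suffixes are not interpreted.

```python
import re

# First fixed release per branch, copied from the advisory text (CVE-2009-4022).
FIXED = {(9, 4): "9.4.3-P4", (9, 5): "9.5.2-P1",
         (9, 6): "9.6.1-P2", (9, 7): "9.7.0b3"}

_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+))?(?:-P(\d+))?$")
# Pre-release tags sort below the final release, which gets stage 3.
_STAGE = {"a": 0, "b": 1, "rc": 2, None: 3}


def parse(version):
    """Turn an upstream BIND version string into a sortable tuple."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError("unrecognised BIND version: %r" % version)
    major, minor, patch, tag, tagnum, plevel = m.groups()
    return (int(major), int(minor), int(patch),
            _STAGE[tag], int(tagnum or 0), int(plevel or 0))


def is_affected(version):
    """True if `version` falls in a range the advisory lists as vulnerable."""
    v = parse(version)
    branch = v[:2]
    if (9, 0) <= branch <= (9, 3):
        return True  # 9.0.x through 9.3.x: the advisory lists no fixed release
    fixed = FIXED.get(branch)
    if fixed is None:
        raise ValueError("branch %d.%d is not covered by this advisory" % branch)
    return v < parse(fixed)


if __name__ == "__main__":
    # Constructed sample inputs, one or two per branch named in the advisory.
    for sample in ("9.3.6-P1", "9.4.3-P3", "9.4.3-P4", "9.5.2",
                   "9.6.1-P2", "9.7.0b2", "9.7.0rc1"):
        print(sample, "affected" if is_affected(sample) else "fixed")
```
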
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
https://www.isc.org/node/504
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLDqxBmqjQ0CJFipgRAq5SAKCtfakAexWy/C5PkEsNrFfrk7gQHwCgvY9R
pmiCd4VANBSFJKkMchIBpjE=
=q1sN
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/