exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2011-104

Mandriva Linux Security Advisory 2011-104
Posted Jun 1, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-104 - Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service via a negative response containing large RRSIG RRsets.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-1910
SHA-256 | 508ee1aa8ffd4f27a9758171dac332d4d481de68724feca7f6f389471dc75d4c

Mandriva Linux Security Advisory 2011-104

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:104
http://www.mandriva.com/security/
_______________________________________________________________________

Package : bind
Date : June 1, 2011
Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been identified and fixed in ISC BIND:

Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x
before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before
9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service
(assertion failure and daemon exit) via a negative response containing
large RRSIG RRsets (CVE-2011-1910).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php\?cPath=149\&products_id=490

The updated packages have been patched to correct this issue. For
2010.2 ISC BIND was upgraded to 9.7.3-P1 which is not vulnerable to
this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
ebe0e9136ca078d55e8474b7e4774fa0 2009.0/i586/bind-9.6.2-0.3mdv2009.0.i586.rpm
4bcead4d6fffece6a8786e20580f433b 2009.0/i586/bind-devel-9.6.2-0.3mdv2009.0.i586.rpm
7c4269cc12c36c81b8d5e6beda01db22 2009.0/i586/bind-doc-9.6.2-0.3mdv2009.0.i586.rpm
180a7897d73d5f81bb22403bbfd01301 2009.0/i586/bind-utils-9.6.2-0.3mdv2009.0.i586.rpm
9ce92b36b69535037658b12de6ba91f3 2009.0/SRPMS/bind-9.6.2-0.3mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
b9711c2fc96a83b7b3ce16e872480a94 2009.0/x86_64/bind-9.6.2-0.3mdv2009.0.x86_64.rpm
835c967bdb7e163ee650ad4c2a93a02e 2009.0/x86_64/bind-devel-9.6.2-0.3mdv2009.0.x86_64.rpm
afd62cab2b8be8ab47307541cda19b1b 2009.0/x86_64/bind-doc-9.6.2-0.3mdv2009.0.x86_64.rpm
949e7df04821a40c180a43323fb1b6b3 2009.0/x86_64/bind-utils-9.6.2-0.3mdv2009.0.x86_64.rpm
9ce92b36b69535037658b12de6ba91f3 2009.0/SRPMS/bind-9.6.2-0.3mdv2009.0.src.rpm

Mandriva Linux 2010.1:
facbc4e2c06e947c116f22c6ab546dc9 2010.1/i586/bind-9.7.3-0.0.P1.1.1mdv2010.2.i586.rpm
15fe702c18438ad9a9d07d1a08e8dc5e 2010.1/i586/bind-devel-9.7.3-0.0.P1.1.1mdv2010.2.i586.rpm
f67cc34ea4fa188c6e1ce78a2f418cec 2010.1/i586/bind-doc-9.7.3-0.0.P1.1.1mdv2010.2.i586.rpm
c954e45cc2f928f8c241c1c544b76c1b 2010.1/i586/bind-utils-9.7.3-0.0.P1.1.1mdv2010.2.i586.rpm
a258d307cde57f5f8f750311d1922aee 2010.1/SRPMS/bind-9.7.3-0.0.P1.1.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
7fc178b5236b9d82e028f1d95a0995e7 2010.1/x86_64/bind-9.7.3-0.0.P1.1.1mdv2010.2.x86_64.rpm
b9a1c2434083eec6bdf537249f62ef12 2010.1/x86_64/bind-devel-9.7.3-0.0.P1.1.1mdv2010.2.x86_64.rpm
923cbacff1dd7b8a35b248af46979f84 2010.1/x86_64/bind-doc-9.7.3-0.0.P1.1.1mdv2010.2.x86_64.rpm
c564274f9fd0a837963cd7359ef520de 2010.1/x86_64/bind-utils-9.7.3-0.0.P1.1.1mdv2010.2.x86_64.rpm
a258d307cde57f5f8f750311d1922aee 2010.1/SRPMS/bind-9.7.3-0.0.P1.1.1mdv2010.2.src.rpm

Corporate 4.0:
438be9cf334ebfabac9128ab17488b16 corporate/4.0/i586/bind-9.4.3-0.4.20060mlcs4.i586.rpm
73bdfc4039746f9f5ecc95c8b02c9baa corporate/4.0/i586/bind-devel-9.4.3-0.4.20060mlcs4.i586.rpm
b659532890edec643588df8097b4f9a4 corporate/4.0/i586/bind-utils-9.4.3-0.4.20060mlcs4.i586.rpm
6264781c61bac05330db0300520686aa corporate/4.0/SRPMS/bind-9.4.3-0.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
a202e00d59ea543e2e2683ebd21509c2 corporate/4.0/x86_64/bind-9.4.3-0.4.20060mlcs4.x86_64.rpm
c020841e7cc8ee34ec576a3dd3a6c053 corporate/4.0/x86_64/bind-devel-9.4.3-0.4.20060mlcs4.x86_64.rpm
47ee68c9f935447a0160850a6f151fb5 corporate/4.0/x86_64/bind-utils-9.4.3-0.4.20060mlcs4.x86_64.rpm
6264781c61bac05330db0300520686aa corporate/4.0/SRPMS/bind-9.4.3-0.4.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
467bf36fd2f979b44936a5048e66b177 mes5/i586/bind-9.6.2-0.3mdvmes5.2.i586.rpm
cb277066933724335637f05c89371a06 mes5/i586/bind-devel-9.6.2-0.3mdvmes5.2.i586.rpm
fc839ab342e30da3777d4e15af7412f6 mes5/i586/bind-doc-9.6.2-0.3mdvmes5.2.i586.rpm
e71726f1845cb35577fe18af40ec8798 mes5/i586/bind-utils-9.6.2-0.3mdvmes5.2.i586.rpm
ca697b83e7ae5d4d108ae6ca6ce95107 mes5/SRPMS/bind-9.6.2-0.3mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
7a488676d28da8704b51ca731b726697 mes5/x86_64/bind-9.6.2-0.3mdvmes5.2.x86_64.rpm
4803a569597c7372b7b2323da9220d4d mes5/x86_64/bind-devel-9.6.2-0.3mdvmes5.2.x86_64.rpm
1a6c027085db39464be568061c70c877 mes5/x86_64/bind-doc-9.6.2-0.3mdvmes5.2.x86_64.rpm
f520ec26e2c0e68e1f82767f1a4b6d54 mes5/x86_64/bind-utils-9.6.2-0.3mdvmes5.2.x86_64.rpm
ca697b83e7ae5d4d108ae6ca6ce95107 mes5/SRPMS/bind-9.6.2-0.3mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFN5f6imqjQ0CJFipgRAs4wAKDOL3FTk7jSEWa5qTIKW9MIDK1JPACg4OaL
NIUpP5tPKWYzuVaSXDP6iyg=
=rGeL
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close