exploit the possibilities

Mandriva Linux Security Advisory 2011-176-2

Mandriva Linux Security Advisory 2011-176-2
Posted Nov 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-176 - A vulnerability was discovered and corrected in bind. Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. Packages provided for Mandriva Enterprise Server 5.2 and Mandriva Linux 2010.2 with the MDVSA-2011:176 and MDVSA-2011:176-1 advisory had wrong release numbers effectively preventing installation without excessive force due previous packaging mistakes. This advisory provides corrected packages to address the problem.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-4313
MD5 | d72b17719c41c9f7be3152e4383e6f0e

Mandriva Linux Security Advisory 2011-176-2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:176-2
http://www.mandriva.com/security/
_______________________________________________________________________

Package : bind
Date : November 18, 2011
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in bind:

Cache lookup could return RRSIG data associated with nonexistent
records, leading to an assertion failure. [ISC RT #26590]
(CVE-2011-4313).

The updated packages have been upgraded to bind 9.7.4-P1 and 9.8.1-P1
which is not vulnerable to this issue.

Update:

Packages provided for Mandriva Enterprise Server 5.2 and Mandriva
Linux 2010.2 with the MDVSA-2011:176 and MDVSA-2011:176-1 advisory
had wrong release numbers effectively preventing installation without
excessive force due previous packaging mistakes. This advisory provides
corrected packages to address the problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
http://www.isc.org/software/bind/advisories/cve-2011-4313
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1:
f39bf36a6c1338c67750fdc06e6c9938 2010.1/i586/bind-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
18ddb3de45d1803f42690d29f193ad51 2010.1/i586/bind-devel-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
44a8b036db1c7658f40c6c29ca94a9b2 2010.1/i586/bind-doc-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
f65351bd5fa6fc2e71e6985613f30a13 2010.1/i586/bind-utils-9.7.4-0.1.P1.1.1mdv2010.2.i586.rpm
77c232d55313bc0758a26ec95e1f2462 2010.1/SRPMS/bind-9.7.4-0.1.P1.1.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
921dc324393e6b72ec9af179636843a4 2010.1/x86_64/bind-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
738901860b2e5a878338086e06ab62f7 2010.1/x86_64/bind-devel-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
2091b711bf18faec158f2be894d3deed 2010.1/x86_64/bind-doc-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
30da2bada8620c4f7e59db23924da8ee 2010.1/x86_64/bind-utils-9.7.4-0.1.P1.1.1mdv2010.2.x86_64.rpm
77c232d55313bc0758a26ec95e1f2462 2010.1/SRPMS/bind-9.7.4-0.1.P1.1.1mdv2010.2.src.rpm

Mandriva Enterprise Server 5:
73d2fef181508b237fc0d74a18c9fc4a mes5/i586/bind-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
ffe081e6ec682e94c1578d4f4c3f5afc mes5/i586/bind-devel-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
8aa53e66aaac5813521c637f300690aa mes5/i586/bind-doc-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
80adc93320f5aaabc031252a8e74a494 mes5/i586/bind-utils-9.7.4-0.1.P1.1.1mdvmes5.2.i586.rpm
6e7372177265cf8aba76855f8577f333 mes5/SRPMS/bind-9.7.4-0.1.P1.1.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
81f88df7104598d1cecfaf07c20e539e mes5/x86_64/bind-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
e148d06c5e27c014974361a88bf6b66f mes5/x86_64/bind-devel-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
0deff4d64a7a0cfc2542d9a6a4539e8b mes5/x86_64/bind-doc-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
771f3758a10b8ef8c4a01ceaa6c6e4bc mes5/x86_64/bind-utils-9.7.4-0.1.P1.1.1mdvmes5.2.x86_64.rpm
6e7372177265cf8aba76855f8577f333 mes5/SRPMS/bind-9.7.4-0.1.P1.1.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOxkXwmqjQ0CJFipgRAp3YAJ0Xo94vNtFUfsTHI8kbQotHKJ5JFwCggLXg
w7F+KMFHmoO0i3407rWefGI=
=L8A3
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close