what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2012-089

Mandriva Linux Security Advisory 2012-089
Posted Jun 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-089 - ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. The updated packages have been upgraded to bind 9.7.6-P1 and 9.8.3-P1 which is not vulnerable to this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-1667
SHA-256 | a8217cffac821010635bfa2ad29fda43e42e61d06ec1bb8c1c4909f802aa412c

Mandriva Linux Security Advisory 2012-089

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:089
http://www.mandriva.com/security/
_______________________________________________________________________

Package : bind
Date : June 10, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in bind:

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before
9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not
properly handle resource records with a zero-length RDATA section,
which allows remote DNS servers to cause a denial of service (daemon
crash or data corruption) or obtain sensitive information from process
memory via a crafted record (CVE-2012-1667).

The updated packages have been upgraded to bind 9.7.6-P1 and 9.8.3-P1
which is not vulnerable to this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
http://www.isc.org/software/bind/advisories/cve-2012-1667
ftp://ftp.isc.org/isc/bind9/9.7.6-P1/RELEASE-NOTES-BIND-9.7.6-P1.txt
ftp://ftp.isc.org/isc/bind9/9.8.3-P1/RELEASE-NOTES-BIND-9.8.3-P1.txt
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1:
a4136df144ce0ef0781484627484bc3f 2010.1/i586/bind-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm
830f7b84cf2891303b700f5336ee5e8d 2010.1/i586/bind-devel-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm
fc21a051f543d69e15bd4fe5e5cb10a0 2010.1/i586/bind-doc-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm
da27c14c4b98d3866682bc7e5d76ad8d 2010.1/i586/bind-utils-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm
f00a92647f3f43aa8f9d906dbf11094a 2010.1/SRPMS/bind-9.7.6-0.0.P1.0.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
115a51a772e1ea94bf8af6bb28996bdb 2010.1/x86_64/bind-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm
d79ad8c6cb1a6b784d935b13a7b2fe15 2010.1/x86_64/bind-devel-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm
901e102627a664dad0f464cd385e7fb2 2010.1/x86_64/bind-doc-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm
60b40f20a525dfa67302252caf2bcb33 2010.1/x86_64/bind-utils-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm
f00a92647f3f43aa8f9d906dbf11094a 2010.1/SRPMS/bind-9.7.6-0.0.P1.0.1mdv2010.2.src.rpm

Mandriva Linux 2011:
16926abc70e854a0b58b7469ef1d77c7 2011/i586/bind-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm
b265f7b3f622b60848f9659bbe6cd0a8 2011/i586/bind-devel-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm
3b4e397326b5196736ce9c2f373c4447 2011/i586/bind-doc-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm
e3c925102fee466f43be8a94cf0852da 2011/i586/bind-utils-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm
a54ef9cfd588215069052d5ca3df8005 2011/SRPMS/bind-9.8.3-0.0.P1.0.1.src.rpm

Mandriva Linux 2011/X86_64:
f006220d59f7f9e9ff6f24d6dfb2719d 2011/x86_64/bind-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm
e6d643c23141dd4b3312728001c03df5 2011/x86_64/bind-devel-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm
ffc9fccb94a33172c5e0ca1984702bbf 2011/x86_64/bind-doc-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm
a34967d48b339fb807e769b3a20788a9 2011/x86_64/bind-utils-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm
a54ef9cfd588215069052d5ca3df8005 2011/SRPMS/bind-9.8.3-0.0.P1.0.1.src.rpm

Mandriva Enterprise Server 5:
c3aa5e672f6b03ff34be06ca8720df55 mes5/i586/bind-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm
ac267bb10d0403e2eed5982441dc833e mes5/i586/bind-devel-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm
cde8a82803d1562b1d63c632db9b15ac mes5/i586/bind-doc-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm
a53c6290a90c9fd6b11fd1f68686bcca mes5/i586/bind-utils-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm
1c9f0bbac5e8683cf36c119fce7fb1f5 mes5/SRPMS/bind-9.7.6-0.0.P1.0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
552f5c44303d73c8701e174fd6555e68 mes5/x86_64/bind-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm
9ace83917f5db66354b58dd085488f2e mes5/x86_64/bind-devel-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm
3cf233df1f5e677b120ec3c26333b9ff mes5/x86_64/bind-doc-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm
69a3801fcecbd480f97aa7825714f8fd mes5/x86_64/bind-utils-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm
1c9f0bbac5e8683cf36c119fce7fb1f5 mes5/SRPMS/bind-9.7.6-0.0.P1.0.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFP1FjRmqjQ0CJFipgRAjWhAKDCW3YpIL8J6xcMyNU9ipEJXLa+qACgqkEc
wr9IaDsAueQ2fsX+Lg0P+Bg=
=y/KY
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close