Mandriva Linux Security Advisory 2015-054 - Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker.
a34207981a886a158577856e030851948b7a3f3e331735b3a69d0f3f55895e6f-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:054
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : bind
Date : March 4, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated bind packages fix security vulnerability:
Jan-Piet Mens discovered that the BIND DNS server would crash when
processing an invalid DNSSEC key rollover, either due to an error
on the zone operator's part, or due to interference with network
traffic by an attacker. This issue affects configurations with the
directives "dnssec-lookaside auto\;" (as enabled in the Mageia default
configuration) or "dnssec-validation auto\;" (CVE-2015-1349).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
http://advisories.mageia.org/MGASA-2015-0082.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
87d17f8944dfd07774598f951a5e342b mbs1/x86_64/bind-9.9.6.P2-1.mbs1.x86_64.rpm
7cc5d1caba2e2ee6f1a7ed34f57d5734 mbs1/x86_64/bind-devel-9.9.6.P2-1.mbs1.x86_64.rpm
3c58166143183223d74e5213ca5feb1b mbs1/x86_64/bind-doc-9.9.6.P2-1.mbs1.noarch.rpm
22a57fbda0364ea2a8b623c3958d80da mbs1/x86_64/bind-sdb-9.9.6.P2-1.mbs1.x86_64.rpm
14e2df9a464db7af7da97c7ab3fe866d mbs1/x86_64/bind-utils-9.9.6.P2-1.mbs1.x86_64.rpm
eb0a296b13c026ae8bdbcf8d2a9199ae mbs1/SRPMS/bind-9.9.6.P2-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFU9taUmqjQ0CJFipgRAm8dAJ9mWM/Zah+H/QHeBbwwx9DcP54zqwCfZRjn
87ZiU5dQZbf2iCdtu/JkkPA=
=t1Cp
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed