what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2015-165

Mandriva Linux Security Advisory 2015-165
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-165 - By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the delegation. This can lead to resource exhaustion and denial of service.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-8500, CVE-2015-1349
SHA-256 | 1b590fc51333510284a3f960ee5db24e4033e0c82e4a366baec311dff230159a

Mandriva Linux Security Advisory 2015-165

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:165
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : bind
Date : March 29, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Updated bind packages fix security vulnerabilities:

By making use of maliciously-constructed zones or a rogue server,
an attacker can exploit an oversight in the code BIND 9 uses to
follow delegations in the Domain Name Service, causing BIND to issue
unlimited queries in an attempt to follow the delegation. This can
lead to resource exhaustion and denial of service (up to and including
termination of the named server process) (CVE-2014-8500).

Jan-Piet Mens discovered that the BIND DNS server would crash when
processing an invalid DNSSEC key rollover, either due to an error
on the zone operator's part, or due to interference with network
traffic by an attacker. This issue affects configurations with the
directives "dnssec-lookaside auto;" (as enabled in the Mandriva
default configuration) or "dnssec-validation auto;" (CVE-2015-1349).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
http://advisories.mageia.org/MGASA-2014-0524.html
http://advisories.mageia.org/MGASA-2015-0082.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
a2cf83873b09b47275d0030063a236c8 mbs2/x86_64/bind-9.10.1.P2-7.mbs2.x86_64.rpm
83d97de0884ef84b933cb06bfbbce24a mbs2/x86_64/bind-devel-9.10.1.P2-7.mbs2.x86_64.rpm
633a8a160c3be4dda5f134550288df8f mbs2/x86_64/bind-doc-9.10.1.P2-7.mbs2.noarch.rpm
40760cee0f0c97261b80d159ab60cb32 mbs2/x86_64/bind-sdb-9.10.1.P2-7.mbs2.x86_64.rpm
ec17a87a3d0e50c4a1c33c84adc0c08b mbs2/x86_64/bind-utils-9.10.1.P2-7.mbs2.x86_64.rpm
95f44b351208cfcbf15108dc707b0f21 mbs2/SRPMS/bind-9.10.1.P2-7.mbs2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVGDuOmqjQ0CJFipgRAqQsAJ9YWfOhd3JZjB1DstzQh7xCT2fJWQCfYwBx
FGoDrVNSJeks4jEO5ZrIaN8=
=0F9B
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close