-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:181 http://www.mandriva.com/security/ _______________________________________________________________________ Package : bind Date : July 29, 2009 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in ISC BIND: The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009 (CVE-2009-0696). This update provides fixes for this vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 https://www.isc.org/node/474 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: e6954e8c6ec43b4c6a142e25db1ee607 2008.1/i586/bind-9.5.0-3.4mdv2008.1.i586.rpm 81e0917fe1690770b1a975e54a400a44 2008.1/i586/bind-devel-9.5.0-3.4mdv2008.1.i586.rpm cb4f4760ce0c1c1bd043ef4a13d1f101 2008.1/i586/bind-doc-9.5.0-3.4mdv2008.1.i586.rpm 392f91ef627ecc26ac42cfc2f5834ecf 2008.1/i586/bind-utils-9.5.0-3.4mdv2008.1.i586.rpm 1172f4549217df6e70ee0efa6160b718 2008.1/SRPMS/bind-9.5.0-3.4mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: e655a1b5bc45d99866fa8955417daf8a 2008.1/x86_64/bind-9.5.0-3.4mdv2008.1.x86_64.rpm caacb8c2054722652a7f3ee052529b52 2008.1/x86_64/bind-devel-9.5.0-3.4mdv2008.1.x86_64.rpm 675ed9b7e36c82830974231143d48e54 2008.1/x86_64/bind-doc-9.5.0-3.4mdv2008.1.x86_64.rpm 4ca2b9b2fee2d3d1ba713e99e35e56a4 2008.1/x86_64/bind-utils-9.5.0-3.4mdv2008.1.x86_64.rpm 1172f4549217df6e70ee0efa6160b718 2008.1/SRPMS/bind-9.5.0-3.4mdv2008.1.src.rpm Mandriva Linux 2009.0: 2265c306b34a926e8c4b63f310ca4318 2009.0/i586/bind-9.5.0-6.4mdv2009.0.i586.rpm 1dae5953fc557b5a88679e37f590e287 2009.0/i586/bind-devel-9.5.0-6.4mdv2009.0.i586.rpm b82af709c2801f4d111cc5a295806929 2009.0/i586/bind-doc-9.5.0-6.4mdv2009.0.i586.rpm 0bba8fe3d466765c3d163963e33dcd1c 2009.0/i586/bind-utils-9.5.0-6.4mdv2009.0.i586.rpm 3bf489be108ec7613f0de79b5771980c 2009.0/SRPMS/bind-9.5.0-6.4mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: b571f86841123623cbdb3dadee4e6d40 2009.0/x86_64/bind-9.5.0-6.4mdv2009.0.x86_64.rpm e49c9641971fdab0686e41e5c66dfa28 2009.0/x86_64/bind-devel-9.5.0-6.4mdv2009.0.x86_64.rpm 4e836a0efeb07fa84321ddb4d79fa214 2009.0/x86_64/bind-doc-9.5.0-6.4mdv2009.0.x86_64.rpm 91cfe29ee1fc761bd061c014419a98a1 2009.0/x86_64/bind-utils-9.5.0-6.4mdv2009.0.x86_64.rpm 3bf489be108ec7613f0de79b5771980c 2009.0/SRPMS/bind-9.5.0-6.4mdv2009.0.src.rpm Mandriva Linux 2009.1: 1574e7cbe3f99be7528a5a4bba0b3c36 2009.1/i586/bind-9.6.0-5.1mdv2009.1.i586.rpm 997bcefef70cfc0fd64de97d475bd8ef 2009.1/i586/bind-devel-9.6.0-5.1mdv2009.1.i586.rpm d7d97138aa182a78ede02ce936ec621e 2009.1/i586/bind-doc-9.6.0-5.1mdv2009.1.i586.rpm 64efbfdb6205e36d0d82e4c46f888933 2009.1/i586/bind-utils-9.6.0-5.1mdv2009.1.i586.rpm f64f798351976a450ba3756dd0fea502 2009.1/SRPMS/bind-9.6.0-5.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 7b2b3a7e9ffd634066da56b16f48c5ad 2009.1/x86_64/bind-9.6.0-5.1mdv2009.1.x86_64.rpm 6ce05498dcb76c23822cd15f0d9817d0 2009.1/x86_64/bind-devel-9.6.0-5.1mdv2009.1.x86_64.rpm 60f42f942cea6b39807ffafe64ae9648 2009.1/x86_64/bind-doc-9.6.0-5.1mdv2009.1.x86_64.rpm 1ed29f65cfe371a0770ac4e08d15c595 2009.1/x86_64/bind-utils-9.6.0-5.1mdv2009.1.x86_64.rpm f64f798351976a450ba3756dd0fea502 2009.1/SRPMS/bind-9.6.0-5.1mdv2009.1.src.rpm Corporate 3.0: 22fbe7ff4f3a62c34130d41cdfe17440 corporate/3.0/i586/bind-9.2.3-6.8.C30mdk.i586.rpm 9a60dfe70446c27a570746495e454855 corporate/3.0/i586/bind-devel-9.2.3-6.8.C30mdk.i586.rpm 29c99438058a46b60922d5c15c1f5369 corporate/3.0/i586/bind-utils-9.2.3-6.8.C30mdk.i586.rpm 18203a5552b8762360078ca0b6508536 corporate/3.0/SRPMS/bind-9.2.3-6.8.C30mdk.src.rpm Corporate 3.0/X86_64: 7510ae88d8625a3172dfd26e8873fd8d corporate/3.0/x86_64/bind-9.2.3-6.8.C30mdk.x86_64.rpm fabf1e537f98e0de07912a6c60f2f648 corporate/3.0/x86_64/bind-devel-9.2.3-6.8.C30mdk.x86_64.rpm 21ee584f94d252b6ff6d9ea89c61abb1 corporate/3.0/x86_64/bind-utils-9.2.3-6.8.C30mdk.x86_64.rpm 18203a5552b8762360078ca0b6508536 corporate/3.0/SRPMS/bind-9.2.3-6.8.C30mdk.src.rpm Corporate 4.0: 3e3e68b286742686c972aecff9a821f7 corporate/4.0/i586/bind-9.3.5-0.7.20060mlcs4.i586.rpm e56467e964a808c4ba84ac5b59dd6424 corporate/4.0/i586/bind-devel-9.3.5-0.7.20060mlcs4.i586.rpm 8a01ede152e11e28b4e1db96b562c046 corporate/4.0/i586/bind-utils-9.3.5-0.7.20060mlcs4.i586.rpm 116ed44cd0dd21258aa7824e9a660bc4 corporate/4.0/SRPMS/bind-9.3.5-0.7.20060mlcs4.src.rpm Corporate 4.0/X86_64: 4efab5c2fb9acd53199f9730fde4d56d corporate/4.0/x86_64/bind-9.3.5-0.7.20060mlcs4.x86_64.rpm bacca9e65e9940c5faa0d5d8c6e2b8aa corporate/4.0/x86_64/bind-devel-9.3.5-0.7.20060mlcs4.x86_64.rpm 4ee28311421e5a715d7494eab41d486b corporate/4.0/x86_64/bind-utils-9.3.5-0.7.20060mlcs4.x86_64.rpm 116ed44cd0dd21258aa7824e9a660bc4 corporate/4.0/SRPMS/bind-9.3.5-0.7.20060mlcs4.src.rpm Mandriva Enterprise Server 5: c595df5d7837f1e2fa28c741dcb0b073 mes5/i586/bind-9.5.0-6.4mdvmes5.i586.rpm 53f5197e2ff0adb2590f796813a843bd mes5/i586/bind-devel-9.5.0-6.4mdvmes5.i586.rpm 267c0a8de1771e35f575869cc9296fbf mes5/i586/bind-doc-9.5.0-6.4mdvmes5.i586.rpm fd370574fcbab1d29a263b2984e84992 mes5/i586/bind-utils-9.5.0-6.4mdvmes5.i586.rpm 662f581bbcb2769ae7592dcdfa89338b mes5/SRPMS/bind-9.5.0-6.4mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 71c58946ec1a3e1c97abf95956e2bbd5 mes5/x86_64/bind-9.5.0-6.4mdvmes5.x86_64.rpm 4c2a8234aaef6d6d6a38f68c121360f6 mes5/x86_64/bind-devel-9.5.0-6.4mdvmes5.x86_64.rpm 80f122911d2b83b12e45c83c7733cde8 mes5/x86_64/bind-doc-9.5.0-6.4mdvmes5.x86_64.rpm c305c929f1bbb0007c7d6480d8d7a184 mes5/x86_64/bind-utils-9.5.0-6.4mdvmes5.x86_64.rpm 662f581bbcb2769ae7592dcdfa89338b mes5/SRPMS/bind-9.5.0-6.4mdvmes5.src.rpm Multi Network Firewall 2.0: 8cce4c7c205c4bed1d745583d0aa6727 mnf/2.0/i586/bind-9.2.3-6.8.C30mdk.i586.rpm cab4d48d43a88546914e40d91c2024ec mnf/2.0/i586/bind-devel-9.2.3-6.8.C30mdk.i586.rpm bc1ed470759bf793159cfc7ac966c661 mnf/2.0/i586/bind-utils-9.2.3-6.8.C30mdk.i586.rpm e4a352e32611c30df4ba2a5154ff9ab2 mnf/2.0/SRPMS/bind-9.2.3-6.8.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKcIiHmqjQ0CJFipgRAiITAJ9w9mLoi0MUZpc8uTCL44E9JvJU4wCgm1D3 b1R19QdVVKyTws4xZhfaesw= =WzGU -----END PGP SIGNATURE-----