Gentoo Archives: gentoo-announce

From: Stefan Behte <craig@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201206-01 ] BIND: Multiple vulnerabilities
Date: Sat, 02 Jun 2012 14:05:20
Message-Id: 4FCA1BD6.4030003@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201206-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: BIND: Multiple vulnerabilities
     Date: June 02, 2012
     Bugs: #347621, #356223, #368863, #374201, #374623, #390753
       ID: 201206-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in BIND, the worst of which
allows remote Denial of Service.

Background
==========

BIND is the Berkeley Internet Name Domain Server.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-dns/bind                 < 9.7.4_p1                >= 9.7.4_p1

Description
===========

Multiple vulnerabilities have been discovered in BIND. Please review
the CVE identifiers referenced below for details.

Impact
======

The vulnerabilities allow remote attackers to cause a Denial of Service
(daemon crash) via a DNS query, to bypass intended access restrictions,
to incorrectly cache a ncache entry and a rrsig for the same type and
to incorrectly mark zone data as insecure.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All bind users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-dns/bind-9.7.4_p1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since December 22, 2011. It is likely that your system is
already no longer affected by this issue.

References
==========

[ 1 ] CVE-2010-3613
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3613
[ 2 ] CVE-2010-3614
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3614
[ 3 ] CVE-2010-3615
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3615
[ 4 ] CVE-2010-3762
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3762
[ 5 ] CVE-2011-0414
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0414
[ 6 ] CVE-2011-1910
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1910
[ 7 ] CVE-2011-2464
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2464
[ 8 ] CVE-2011-2465
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2465
[ 9 ] CVE-2011-4313
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4313

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201206-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
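
An added example, not part of the advisory or of Gentoo's own tooling: a check of a net-dns/bind version string against the advisory's first unaffected version, 9.7.4_p1, using the ordering rules of Gentoo's Package Manager Specification (components compare numerically, and a _p suffix sorts after the bare version). The function names and the sample versions are constructed for illustration.

```python
import re
from itertools import zip_longest

FIXED = "9.7.4_p1"  # first unaffected net-dns/bind version, from the advisory table

# Suffix ranks per the Package Manager Specification; "no suffix" is rank 0.
SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, "p": 1}
VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)([a-z]?)((?:_(?:alpha|beta|pre|rc|p)\d*)*)(?:-r(\d+))?$")

def _cmp(a, b):
    return (a > b) - (a < b)

def _split(version):
    m = VERSION_RE.match(version)
    if not m:
        raise ValueError(f"not a Gentoo version string: {version!r}")
    nums, letter, suffixes, rev = m.groups()
    sufs = [(SUFFIX_RANK[name], int(n or 0))
            for name, n in re.findall(r"_([a-z]+)(\d*)", suffixes)]
    return nums.split("."), letter, sufs, int(rev or 0)

def vercmp(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    na, la, sa, ra = _split(a)
    nb, lb, sb, rb = _split(b)
    c = _cmp(int(na[0]), int(nb[0]))        # first component: plain integer
    for x, y in zip(na[1:], nb[1:]):
        if c:
            break
        if x[0] == "0" or y[0] == "0":      # leading zero: compare as decimal fractions
            c = _cmp(x.rstrip("0"), y.rstrip("0"))
        else:
            c = _cmp(int(x), int(y))
    c = c or _cmp(len(na), len(nb)) or _cmp(la, lb)
    for x, y in zip_longest(sa, sb, fillvalue=(0, 0)):
        c = c or _cmp(x, y)                 # a missing suffix sorts between _rc and _p
    return c or _cmp(ra, rb)

def is_affected(installed, fixed=FIXED):
    """True when the installed version is older than the first unaffected one."""
    return vercmp(installed, fixed) < 0

# Constructed sample versions, not taken from any real host.
SAMPLES = ["9.7.3_p3", "9.7.4", "9.7.4_rc1", "9.7.4_p1", "9.7.4_p1-r1", "9.10.0"]

if __name__ == "__main__":
    for v in SAMPLES:
        print(f"net-dns/bind-{v}: {'AFFECTED' if is_affected(v) else 'ok'}")
```

A plain string comparison gets two of these samples wrong: it would rank 9.10.0 below 9.7.4_p1, and it has no notion that 9.7.4_rc1 precedes 9.7.4 while 9.7.4_p1 follows it.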