Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@l.g.o
Cc: buqtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 201201-05 ] mDNSResponder: Multiple vulnerabilities
Date: Sun, 22 Jan 2012 14:32:45
Message-Id: 4F1C1C94.40800@gentoo.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201201-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: mDNSResponder: Multiple vulnerabilities
     Date: January 20, 2012
     Bugs: #290822
       ID: 201201-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in mDNSResponder, which could
lead to execution of arbitrary code with root privileges.

Background
==========

mDNSResponder is a component of Apple's Bonjour, an initiative for
zero-configuration networking.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /     Vulnerable     /        Unaffected
    -------------------------------------------------------------------
  1  net-misc/mDNSResponder         < 212.1                  >= 212.1

Description
===========

Multiple vulnerabilities have been discovered in mDNSResponder. Please
review the CVE identifiers referenced below for details.

Impact
======

A local or remote attacker may be able to execute arbitrary code with
root privileges or cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All mDNSResponder users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/mDNSResponder-212.1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since November 21, 2009. It is likely that your system is
already no longer affected by this issue.

References
==========

[ 1 ] CVE-2007-2386
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2386
[ 2 ] CVE-2007-3744
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3744
[ 3 ] CVE-2007-3828
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3828
[ 4 ] CVE-2008-0989
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0989
[ 5 ] CVE-2008-2326
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2326
[ 6 ] CVE-2008-3630
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3630

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201201-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature