[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201206-01.xml - gentoo-commits

From:	"Stefan Behte (craig)" <craig@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201206-01.xml
Date:	Sat, 02 Jun 2012 13:58:12
Message-Id:	`20120602135801.6BE2D2004B@flycatcher.gentoo.org`

1

craig       12/06/02 13:58:01

2

3

  Added:                glsa-201206-01.xml

4

  Log:

5

  GLSA 201206-01

6

7

Revision  Changes    Path

8

1.1                  xml/htdocs/security/en/glsa/glsa-201206-01.xml

9

10

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201206-01.xml?rev=1.1&view=markup

11

plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201206-01.xml?rev=1.1&content-type=text/plain

12

13

Index: glsa-201206-01.xml

14

===================================================================

15

<?xml version="1.0" encoding="UTF-8"?>

16

<?xml-stylesheet type="text/xsl" href="/xsl/glsa.xsl"?>

17

<?xml-stylesheet type="text/xsl" href="/xsl/guide.xsl"?>

18

<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

19

<glsa id="201206-01">

20

  <title>BIND: Multiple vulnerabilities</title>

21

  <synopsis>Multiple vulnerabilities have been found in BIND, the worst of

22

    which allowing to cause remote Denial of Service.

23

  </synopsis>

24

  <product type="ebuild">bind</product>

25

  <announced>June 02, 2012</announced>

26

  <revised>June 02, 2012: 1</revised>

27

  <bug>347621</bug>

28

  <bug>356223</bug>

29

  <bug>368863</bug>

30

  <bug>374201</bug>

31

  <bug>374623</bug>

32

  <bug>390753</bug>

33

  <access>remote</access>

34

  <affected>

35

    <package name="net-dns/bind" auto="yes" arch="*">

36

      <unaffected range="ge">9.7.4_p1</unaffected>

37

      <vulnerable range="lt">9.7.4_p1</vulnerable>

38

    </package>

39

  </affected>

40

  <background>

41

    <p>BIND is the Berkeley Internet Name Domain Server.</p>

42

  </background>

43

  <description>

44

    <p>Multiple vulnerabilities have been discovered in BIND. Please review the

45

      CVE identifiers referenced below for details.

46

    </p>

47

  </description>

48

  <impact type="normal">

49

    <p>The vulnerabilities allow remote attackers to cause a Denial of Service

50

      (daemon crash) via a DNS query, to bypass intended access restrictions,

51

      to incorrectly cache a ncache entry and a rrsig for the same type and to

52

      incorrectly mark zone data as insecure.

53

    </p>

54

  </impact>

55

  <workaround>

56

    <p>There is no known workaround at this time.</p>

57

  </workaround>

58

  <resolution>

59

    <p>All bind users should upgrade to the latest version:</p>

60

61

    <code>

62

      # emerge --sync

63

      # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.7.4_p1"

64

    </code>

65

66

    <p>NOTE: This is a legacy GLSA. Updates for all affected architectures are

67

      available since December 22, 2011. It is likely that your system is

68

      already

69

      no longer affected by this issue. 

70

    </p>

71

  </resolution>

72

  <references>

73

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3613">CVE-2010-3613</uri>

74

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3614">CVE-2010-3614</uri>

75

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3615">CVE-2010-3615</uri>

76

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3762">CVE-2010-3762</uri>

77

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0414">CVE-2011-0414</uri>

78

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1910">CVE-2011-1910</uri>

79

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2464">CVE-2011-2464</uri>

80

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2465">CVE-2011-2465</uri>

81

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4313">CVE-2011-4313</uri>

82

  </references>

83

  <metadata timestamp="Fri, 07 Oct 2011 23:37:02 +0000" tag="requester">craig</metadata>

84

  <metadata timestamp="Sat, 02 Jun 2012 13:53:49 +0000" tag="submitter">craig</metadata>

85

</glsa>

1	craig 12/06/02 13:58:01
2
3	Added: glsa-201206-01.xml
4	Log:
5	GLSA 201206-01
6
7	Revision Changes Path
8	1.1 xml/htdocs/security/en/glsa/glsa-201206-01.xml
9
10	file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201206-01.xml?rev=1.1&view=markup
11	plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201206-01.xml?rev=1.1&content-type=text/plain
12
13	Index: glsa-201206-01.xml
14	===================================================================
15	<?xml version="1.0" encoding="UTF-8"?>
16	<?xml-stylesheet type="text/xsl" href="/xsl/glsa.xsl"?>
17	<?xml-stylesheet type="text/xsl" href="/xsl/guide.xsl"?>
18	<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19	<glsa id="201206-01">
20	<title>BIND: Multiple vulnerabilities</title>
21	<synopsis>Multiple vulnerabilities have been found in BIND, the worst of
22	which allowing to cause remote Denial of Service.
23	</synopsis>
24	<product type="ebuild">bind</product>
25	<announced>June 02, 2012</announced>
26	<revised>June 02, 2012: 1</revised>
27	<bug>347621</bug>
28	<bug>356223</bug>
29	<bug>368863</bug>
30	<bug>374201</bug>
31	<bug>374623</bug>
32	<bug>390753</bug>
33	<access>remote</access>
34	<affected>
35	<package name="net-dns/bind" auto="yes" arch="*">
36	<unaffected range="ge">9.7.4_p1</unaffected>
37	<vulnerable range="lt">9.7.4_p1</vulnerable>
38	</package>
39	</affected>
40	<background>
41	<p>BIND is the Berkeley Internet Name Domain Server.</p>
42	</background>
43	<description>
44	<p>Multiple vulnerabilities have been discovered in BIND. Please review the
45	CVE identifiers referenced below for details.
46	</p>
47	</description>
48	<impact type="normal">
49	<p>The vulnerabilities allow remote attackers to cause a Denial of Service
50	(daemon crash) via a DNS query, to bypass intended access restrictions,
51	to incorrectly cache a ncache entry and a rrsig for the same type and to
52	incorrectly mark zone data as insecure.
53	</p>
54	</impact>
55	<workaround>
56	<p>There is no known workaround at this time.</p>
57	</workaround>
58	<resolution>
59	<p>All bind users should upgrade to the latest version:</p>
60
61	<code>
62	# emerge --sync
63	# emerge --ask --oneshot --verbose ">=net-dns/bind-9.7.4_p1"
64	</code>
65
66	<p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
67	available since December 22, 2011. It is likely that your system is
68	already
69	no longer affected by this issue.
70	</p>
71	</resolution>
72	<references>
73	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3613">CVE-2010-3613</uri>
74	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3614">CVE-2010-3614</uri>
75	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3615">CVE-2010-3615</uri>
76	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3762">CVE-2010-3762</uri>
77	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0414">CVE-2011-0414</uri>
78	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1910">CVE-2011-1910</uri>
79	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2464">CVE-2011-2464</uri>
80	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2465">CVE-2011-2465</uri>
81	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4313">CVE-2011-4313</uri>
82	</references>
83	<metadata timestamp="Fri, 07 Oct 2011 23:37:02 +0000" tag="requester">craig</metadata>
84	<metadata timestamp="Sat, 02 Jun 2012 13:53:49 +0000" tag="submitter">craig</metadata>
85	</glsa>

Gentoo Archives: gentoo-commits