[ MDVSA-2010:021 ] bind

2010-01-21T00:00:00
ID SECURITYVULNS:DOC:23087
Type securityvulns
Reporter Securityvulns
Modified 2010-01-21T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2010:021 http://www.mandriva.com/security/


Package : bind Date : January 20, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0


Problem Description:

Some vulnerabilities were discovered and corrected in bind:

The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries (CVE-2010-0290).

There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set (CVE-2010-0097).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Additionally BIND has been upgraded to the latest patch release version.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0290 https://www.isc.org/node/504 https://www.isc.org/advisories/CVE-2009-4022v6 https://www.isc.org/advisories/CVE-2010-0097 https://bugzilla.redhat.com/show_bug.cgi?id=557121


Updated Packages:

Mandriva Linux 2008.0: 1e34c922d8288315da7f0b56eff4dedb 2008.0/i586/bind-9.4.3-0.2mdv2008.0.i586.rpm 4f70cf5495d8da10420809b7d0517ff5 2008.0/i586/bind-devel-9.4.3-0.2mdv2008.0.i586.rpm 16731072aefc3dbace3223b45298fc5f 2008.0/i586/bind-utils-9.4.3-0.2mdv2008.0.i586.rpm a006840a69139819aa67fcf2ea8a639a 2008.0/SRPMS/bind-9.4.3-0.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64: 17a1bc4c41a8bc3ce017f4f943c82055 2008.0/x86_64/bind-9.4.3-0.2mdv2008.0.x86_64.rpm 241c61e333d2ee2a7a5039382c3bb86f 2008.0/x86_64/bind-devel-9.4.3-0.2mdv2008.0.x86_64.rpm bc515c70242c2e4c474ee5fa7c14225b 2008.0/x86_64/bind-utils-9.4.3-0.2mdv2008.0.x86_64.rpm a006840a69139819aa67fcf2ea8a639a 2008.0/SRPMS/bind-9.4.3-0.2mdv2008.0.src.rpm

Mandriva Linux 2009.0: 8b26305703ab02b06e48ff14536e028c 2009.0/i586/bind-9.5.2-0.2mdv2009.0.i586.rpm d9575243d10ff6d1b89e9f863f745bf5 2009.0/i586/bind-devel-9.5.2-0.2mdv2009.0.i586.rpm 843fa0de56e209e035baae810fead5a7 2009.0/i586/bind-doc-9.5.2-0.2mdv2009.0.i586.rpm d0e73fb1d7c1cccd4a72571e9c7603e9 2009.0/i586/bind-utils-9.5.2-0.2mdv2009.0.i586.rpm 6568c238267d1d547804d37256704bf9 2009.0/SRPMS/bind-9.5.2-0.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64: b49ef48bf6db6c7d0de0da4a0de7401d 2009.0/x86_64/bind-9.5.2-0.2mdv2009.0.x86_64.rpm f4a281ec99558e09233d8e1142f08e0e 2009.0/x86_64/bind-devel-9.5.2-0.2mdv2009.0.x86_64.rpm d2ce2753ea50d65f6e6222745f972ff9 2009.0/x86_64/bind-doc-9.5.2-0.2mdv2009.0.x86_64.rpm 4ddf41b2ad82a4de63ad7a5127a69194 2009.0/x86_64/bind-utils-9.5.2-0.2mdv2009.0.x86_64.rpm 6568c238267d1d547804d37256704bf9 2009.0/SRPMS/bind-9.5.2-0.2mdv2009.0.src.rpm

Mandriva Linux 2009.1: d74f7d990791e26e6726856139973e9a 2009.1/i586/bind-9.6.1-0.2mdv2009.1.i586.rpm d7985532881c21424277cdcb60d18114 2009.1/i586/bind-devel-9.6.1-0.2mdv2009.1.i586.rpm bc17c2cc6bdcdbbfb4e1395bd439ba88 2009.1/i586/bind-doc-9.6.1-0.2mdv2009.1.i586.rpm 41f9b55e7c76a86edb2ac0acf27e553e 2009.1/i586/bind-utils-9.6.1-0.2mdv2009.1.i586.rpm c942e994b97a336f4fd5a0c5cf738549 2009.1/SRPMS/bind-9.6.1-0.2mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64: fb5d4184bee0c7043b94a3e84a0157b3 2009.1/x86_64/bind-9.6.1-0.2mdv2009.1.x86_64.rpm bb6ca433443ab453c73a3f3576537664 2009.1/x86_64/bind-devel-9.6.1-0.2mdv2009.1.x86_64.rpm 78e18eea9b23f6efbf2e5344fc2cc648 2009.1/x86_64/bind-doc-9.6.1-0.2mdv2009.1.x86_64.rpm 1adb16932dda446bd5abaaa276ad124d 2009.1/x86_64/bind-utils-9.6.1-0.2mdv2009.1.x86_64.rpm c942e994b97a336f4fd5a0c5cf738549 2009.1/SRPMS/bind-9.6.1-0.2mdv2009.1.src.rpm

Mandriva Linux 2010.0: 2a43dd3cd4114c76c29ac84c33b75fef 2010.0/i586/bind-9.6.1-4.2mdv2010.0.i586.rpm f7146dd8d890f98582f536493e92a83f 2010.0/i586/bind-devel-9.6.1-4.2mdv2010.0.i586.rpm 5df56342d4c411b04e87f77117b6804c 2010.0/i586/bind-doc-9.6.1-4.2mdv2010.0.i586.rpm fb09cf1c22611a49f9e4f75554a337be 2010.0/i586/bind-utils-9.6.1-4.2mdv2010.0.i586.rpm f6459d6a6e926070e97e7aba94170631 2010.0/SRPMS/bind-9.6.1-4.2mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64: 53202e9e4bde9cca54bc15f45e5c792e 2010.0/x86_64/bind-9.6.1-4.2mdv2010.0.x86_64.rpm c086ca1a71254192b535a1c1f3237a88 2010.0/x86_64/bind-devel-9.6.1-4.2mdv2010.0.x86_64.rpm 154ab6458564150b255a2f812e20692d 2010.0/x86_64/bind-doc-9.6.1-4.2mdv2010.0.x86_64.rpm fb0e3afd17b048d410fb5d9b804ab122 2010.0/x86_64/bind-utils-9.6.1-4.2mdv2010.0.x86_64.rpm f6459d6a6e926070e97e7aba94170631 2010.0/SRPMS/bind-9.6.1-4.2mdv2010.0.src.rpm

Corporate 4.0: 5d343162e5df4074f8a766e5ba412c16 corporate/4.0/i586/bind-9.4.3-0.2.20060mlcs4.i586.rpm d1d81bb03511aa5045b377b8d5b9dda5 corporate/4.0/i586/bind-devel-9.4.3-0.2.20060mlcs4.i586.rpm 1c88a5de62896395a79cecabf756f297 corporate/4.0/i586/bind-utils-9.4.3-0.2.20060mlcs4.i586.rpm 34b8febb59628c25f594a90989f3d4ea corporate/4.0/SRPMS/bind-9.4.3-0.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 4f2a0f0de08ca058aee7c3935290064e corporate/4.0/x86_64/bind-9.4.3-0.2.20060mlcs4.x86_64.rpm 8a5569c45fe9ee2263f6dbbdca195684 corporate/4.0/x86_64/bind-devel-9.4.3-0.2.20060mlcs4.x86_64.rpm d7466a30a031271fa6d911f1dafa561c corporate/4.0/x86_64/bind-utils-9.4.3-0.2.20060mlcs4.x86_64.rpm 34b8febb59628c25f594a90989f3d4ea corporate/4.0/SRPMS/bind-9.4.3-0.2.20060mlcs4.src.rpm

Mandriva Enterprise Server 5: 30fe9bb51f78f199d785ff4e6c999708 mes5/i586/bind-9.5.2-0.2mdvmes5.i586.rpm 290b224bcf4710b5bd8b054d903b7450 mes5/i586/bind-devel-9.5.2-0.2mdvmes5.i586.rpm 069cb4acbec0393d2d8249f971f4077a mes5/i586/bind-doc-9.5.2-0.2mdvmes5.i586.rpm b29152a5ac58aa5296be30ceadfc3890 mes5/i586/bind-utils-9.5.2-0.2mdvmes5.i586.rpm d7d2d8703f26e20ec36bfaf2816dd060 mes5/SRPMS/bind-9.5.2-0.2mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64: 6cdae79e993981af90e491693a6d49b4 mes5/x86_64/bind-9.5.2-0.2mdvmes5.x86_64.rpm b042420f74563e0c9451fdf6d0b91d3e mes5/x86_64/bind-devel-9.5.2-0.2mdvmes5.x86_64.rpm a31659cdba90b49518e05ee0a9787c96 mes5/x86_64/bind-doc-9.5.2-0.2mdvmes5.x86_64.rpm badabfcf913acd2e9b83da6fe33c97cb mes5/x86_64/bind-utils-9.5.2-0.2mdvmes5.x86_64.rpm d7d2d8703f26e20ec36bfaf2816dd060 mes5/SRPMS/bind-9.5.2-0.2mdvmes5.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLVzchmqjQ0CJFipgRAug2AJ9cykjSF4FXGsupy/KcoitoqbDmJQCfZw6y Fw4zovyshx4dVKSm+x9gssQ= =UlsE -----END PGP SIGNATURE-----