Mandriva Linux Security Advisory 2012-089 - ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. The updated packages have been upgraded to bind 9.7.6-P1 and 9.8.3-P1 which is not vulnerable to this issue.
a8217cffac821010635bfa2ad29fda43e42e61d06ec1bb8c1c4909f802aa412c
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:089
https://www.mandriva.com/security/
_______________________________________________________________________
Package : bind
Date : June 10, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in bind:
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before
9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not
properly handle resource records with a zero-length RDATA section,
which allows remote DNS servers to cause a denial of service (daemon
crash or data corruption) or obtain sensitive information from process
memory via a crafted record (CVE-2012-1667).
The updated packages have been upgraded to bind 9.7.6-P1 and 9.8.3-P1
which is not vulnerable to this issue.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
https://www.isc.org/software/bind/advisories/cve-2012-1667
ftp://ftp.isc.org/isc/bind9/9.7.6-P1/RELEASE-NOTES-BIND-9.7.6-P1.txt
ftp://ftp.isc.org/isc/bind9/9.8.3-P1/RELEASE-NOTES-BIND-9.8.3-P1.txt
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
a4136df144ce0ef0781484627484bc3f 2010.1/i586/bind-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm
830f7b84cf2891303b700f5336ee5e8d 2010.1/i586/bind-devel-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm
fc21a051f543d69e15bd4fe5e5cb10a0 2010.1/i586/bind-doc-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm
da27c14c4b98d3866682bc7e5d76ad8d 2010.1/i586/bind-utils-9.7.6-0.0.P1.0.1mdv2010.2.i586.rpm
f00a92647f3f43aa8f9d906dbf11094a 2010.1/SRPMS/bind-9.7.6-0.0.P1.0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
115a51a772e1ea94bf8af6bb28996bdb 2010.1/x86_64/bind-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm
d79ad8c6cb1a6b784d935b13a7b2fe15 2010.1/x86_64/bind-devel-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm
901e102627a664dad0f464cd385e7fb2 2010.1/x86_64/bind-doc-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm
60b40f20a525dfa67302252caf2bcb33 2010.1/x86_64/bind-utils-9.7.6-0.0.P1.0.1mdv2010.2.x86_64.rpm
f00a92647f3f43aa8f9d906dbf11094a 2010.1/SRPMS/bind-9.7.6-0.0.P1.0.1mdv2010.2.src.rpm
Mandriva Linux 2011:
16926abc70e854a0b58b7469ef1d77c7 2011/i586/bind-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm
b265f7b3f622b60848f9659bbe6cd0a8 2011/i586/bind-devel-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm
3b4e397326b5196736ce9c2f373c4447 2011/i586/bind-doc-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm
e3c925102fee466f43be8a94cf0852da 2011/i586/bind-utils-9.8.3-0.0.P1.0.1-mdv2011.0.i586.rpm
a54ef9cfd588215069052d5ca3df8005 2011/SRPMS/bind-9.8.3-0.0.P1.0.1.src.rpm
Mandriva Linux 2011/X86_64:
f006220d59f7f9e9ff6f24d6dfb2719d 2011/x86_64/bind-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm
e6d643c23141dd4b3312728001c03df5 2011/x86_64/bind-devel-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm
ffc9fccb94a33172c5e0ca1984702bbf 2011/x86_64/bind-doc-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm
a34967d48b339fb807e769b3a20788a9 2011/x86_64/bind-utils-9.8.3-0.0.P1.0.1-mdv2011.0.x86_64.rpm
a54ef9cfd588215069052d5ca3df8005 2011/SRPMS/bind-9.8.3-0.0.P1.0.1.src.rpm
Mandriva Enterprise Server 5:
c3aa5e672f6b03ff34be06ca8720df55 mes5/i586/bind-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm
ac267bb10d0403e2eed5982441dc833e mes5/i586/bind-devel-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm
cde8a82803d1562b1d63c632db9b15ac mes5/i586/bind-doc-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm
a53c6290a90c9fd6b11fd1f68686bcca mes5/i586/bind-utils-9.7.6-0.0.P1.0.1mdvmes5.2.i586.rpm
1c9f0bbac5e8683cf36c119fce7fb1f5 mes5/SRPMS/bind-9.7.6-0.0.P1.0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
552f5c44303d73c8701e174fd6555e68 mes5/x86_64/bind-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm
9ace83917f5db66354b58dd085488f2e mes5/x86_64/bind-devel-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm
3cf233df1f5e677b120ec3c26333b9ff mes5/x86_64/bind-doc-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm
69a3801fcecbd480f97aa7825714f8fd mes5/x86_64/bind-utils-9.7.6-0.0.P1.0.1mdvmes5.2.x86_64.rpm
1c9f0bbac5e8683cf36c119fce7fb1f5 mes5/SRPMS/bind-9.7.6-0.0.P1.0.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFP1FjRmqjQ0CJFipgRAjWhAKDCW3YpIL8J6xcMyNU9ipEJXLa+qACgqkEc
wr9IaDsAueQ2fsX+Lg0P+Bg=
=y/KY
-----END PGP SIGNATURE-----