| |||||||||||||||||||
Mageia alert MGASA-2013-0105 (bind)
MGASA-2013-0105 Date: April 4th, 2013 Affected releases: 2 Media: Core Description: Updated bind packages fix security vulnerabilities: A flaw was found in the DNS64 implementation in BIND when using Response Policy Zones (RPZ). If a remote attacker sent a specially-crafted query to a named server that is using RPZ rewrite rules, named could exit unexpectedly with an assertion failure. Note that DNS64 support is not enabled by default (CVE-2012-5689). A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash (CVE-2013-2266). Updated Packages: i586: bind-9.9.2.P2-1.mga2.i586.rpm bind-devel-9.9.2.P2-1.mga2.i586.rpm bind-doc-9.9.2.P2-1.mga2.noarch.rpm bind-sdb-9.9.2.P2-1.mga2.i586.rpm bind-utils-9.9.2.P2-1.mga2.i586.rpm bind-debug-9.9.2.P2-1.mga2.i586.rpm x86_64: bind-9.9.2.P2-1.mga2.x86_64.rpm bind-devel-9.9.2.P2-1.mga2.x86_64.rpm bind-doc-9.9.2.P2-1.mga2.noarch.rpm bind-sdb-9.9.2.P2-1.mga2.x86_64.rpm bind-utils-9.9.2.P2-1.mga2.x86_64.rpm bind-debug-9.9.2.P2-1.mga2.x86_64.rpm SRPMS: bind-9.9.2.P2-1.mga2.src.rpm References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266 https://kb.isc.org/article/AA-00855 https://kb.isc.org/article/AA-00871 https://kb.isc.org/article/AA-00889 https://rhn.redhat.com/errata/RHSA-2013-0550.html https://rhn.redhat.com/errata/RHSA-2013-0689.html https://bugs.mageia.org/show_bug.cgi?id=9163 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-... (Log in to post comments)
|
|||||||||||||||||||