|From:||Mageia Updates <email@example.com>|
|Subject:||[updates-announce] MGASA-2012-0354: bind-9.9.2.P1-1.mga2 (2/core)|
|Date:||Fri, 7 Dec 2012 13:20:20 +0100|
MGASA-2012-0354

Date: December 7th, 2012
Affected releases: 2

Description:

Updated bind packages fix security vulnerability:

BIND 9 nameservers using the DNS64 IPv6 transition mechanism are vulnerable to a software defect that allows a crafted query to crash the server with a REQUIRE assertion failure. Remote exploitation of this defect can be achieved without extensive effort, resulting in a denial-of-service (DoS) vector against affected servers (CVE-2012-5688).

This update provides BIND 9.9.2-P1, which fixes this issue.

Also, dnssec has been disabled by default, as it causes significant latency when not configured properly.

It was discovered that the named server segfaulted when stopped, which could eventually fill the filesystem with core files; this was fixed in the 9.9.2 version (#7540).

It was discovered that the needed openssl engine libgost.so was not updated in the chroot, which could cause erratic behaviour (#7540).

It was discovered that the bind mount of proc in the chroot did not work due to changes in how the mount command works. This has now been removed as it's not needed anymore (#7540).

It was discovered that the root DNS server list was quite dated, and this file has been updated.

Updated Packages:

bind-9.9.2.P1-1.mga2
bind-devel-9.9.2.P1-1.mga2
bind-doc-9.9.2.P1-1.mga2
bind-sdb-9.9.2.P1-1.mga2
bind-utils-9.9.2.P1-1.mga2

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5688
ftp://ftp.isc.org/isc/bind/9.9.2-P1/CHANGES
ftp://ftp.isc.org/isc/bind/9.9.2-P1/RELEASE-NOTES-BIND-9....
https://kb.isc.org/article/AA-00828
https://bugs.mageia.org/show_bug.cgi?id=7540
https://bugs.mageia.org/show_bug.cgi?id=8304
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
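A triage check for the two conditions the advisory names for CVE-2012-5688: DNS64 configured in named.conf and a bind package older than the fixed 9.9.2.P1. This is an added example, not part of the Mageia advisory; the function names and sample configurations are constructed, the version comparison only targets this advisory's package line, and comment stripping ignores quoted strings.

```python
import re

# Version carried by this advisory's fixed packages (bind-9.9.2.P1-1.mga2).
FIXED = (9, 9, 2, 1)

def strip_comments(conf):
    """Drop /* */, // and # comments (simplified: ignores quoted strings)."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def dns64_enabled(conf):
    """True if an uncommented 'dns64 <prefix> {' statement is present."""
    pattern = r"(?<![\w-])dns64\s+[0-9A-Fa-f:]+/\d+\s*\{"
    return re.search(pattern, strip_comments(conf)) is not None

def parse_version(version):
    """'9.9.2.P1' or '9.9.2-P1' -> (9, 9, 2, 1); no patch level -> 0."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:[.-]?P(\d+))?", version)
    if not m:
        raise ValueError("unrecognised BIND version: %r" % version)
    return tuple(int(g or 0) for g in m.groups())

def exposed_to_cve(installed_version, conf):
    """Both advisory conditions hold: DNS64 in use and package not yet fixed."""
    return dns64_enabled(conf) and parse_version(installed_version) < FIXED

# Constructed sample configurations, not taken from any real server.
SAMPLE_DNS64 = """
options {
    directory "/var/named";
    // dns64 64:ff9b::/96 { clients { any; }; };
    dns64 2001:db8:64::/96 {
        clients { any; };
    };
};
"""
SAMPLE_NO_DNS64 = """
options {
    # dns64 64:ff9b::/96 { };
    /* dns64 2001:db8:64::/96 {
         clients { any; }; }; */
    dns64-server "ns.example.";
};
"""

if __name__ == "__main__":
    for label, conf in (("dns64", SAMPLE_DNS64), ("no dns64", SAMPLE_NO_DNS64)):
        for ver in ("9.9.1.P2", "9.9.2.P1"):  # constructed version strings
            print(label, ver, "exposed" if exposed_to_cve(ver, conf) else "ok")
```

A server without DNS64 still benefits from the update for the other fixes listed in the advisory; this check only answers whether the crash condition is reachable.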