[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2015:054 ] bind



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:054
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : bind
 Date    : March 4, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated bind packages fix security vulnerability:
 
 Jan-Piet Mens discovered that the BIND DNS server would crash when
 processing an invalid DNSSEC key rollover, either due to an error
 on the zone operator's part, or due to interference with network
 traffic by an attacker. This issue affects configurations with the
 directives "dnssec-lookaside auto\;" (as enabled in the Mageia default
 configuration) or "dnssec-validation auto\;" (CVE-2015-1349).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
 http://advisories.mageia.org/MGASA-2015-0082.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 87d17f8944dfd07774598f951a5e342b  mbs1/x86_64/bind-9.9.6.P2-1.mbs1.x86_64.rpm
 7cc5d1caba2e2ee6f1a7ed34f57d5734  mbs1/x86_64/bind-devel-9.9.6.P2-1.mbs1.x86_64.rpm
 3c58166143183223d74e5213ca5feb1b  mbs1/x86_64/bind-doc-9.9.6.P2-1.mbs1.noarch.rpm
 22a57fbda0364ea2a8b623c3958d80da  mbs1/x86_64/bind-sdb-9.9.6.P2-1.mbs1.x86_64.rpm
 14e2df9a464db7af7da97c7ab3fe866d  mbs1/x86_64/bind-utils-9.9.6.P2-1.mbs1.x86_64.rpm 
 eb0a296b13c026ae8bdbcf8d2a9199ae  mbs1/SRPMS/bind-9.9.6.P2-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFU9taUmqjQ0CJFipgRAm8dAJ9mWM/Zah+H/QHeBbwwx9DcP54zqwCfZRjn
87ZiU5dQZbf2iCdtu/JkkPA=
=t1Cp
-----END PGP SIGNATURE-----