ID

VAR-200707-0675

CVE

CVE-2008-1447

TITLE

Multiple DNS implementations vulnerable to cache poisoning

DESCRIPTION

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug.". ISC (Internet Systems Consortiuim) BIND generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches. Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks. This issue affects Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases; other DNS implementations may also be vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01506861 Version: 5 HPSBUX02351 SSRT080058 rev.5 - HP-UX Running BIND, Remote DNS Cache Poisoning NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-07-16 Last Updated: 2010-10-12 ------------------------------------------------------------------------------ Potential Security Impact: Remote DNS cache poisoning Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running BIND. References: CVE-2008-1447 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running BIND v9.3.2 or BIND v9.2.0, HP-UX B.11.11 running BIND v8.1.2 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2008-1447 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software updates / patch to resolve the vulnerabilities for BIND v9.2.0 and BIND v9.3.2. Customers running BIND v8.1.2 on HP-UX B.11.11 should upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates listed below. A new BIND v9.2.0 depot is available to address an issue encountered on HP-UX B.11.11. The new depot is available by contacting HP Support. The patch PHNE_37865 is available from: http://itrc.hp.com The BIND v9.3.2 updates are available for download from: http://software.hp.com HP-UX Release / Action B.11.11 running v8.1.2 Upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates listed below, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. HP-UX Release / BIND Depot name / Action B.11.11 running v9.2.0 / BIND920V15.depot / Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. HP-UX Release / Action B.11.23 running v9.2.0 / Install PHNE_37865; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. HP-UX Release / Action B.11.11 running v9.3.2 / Install revision C.9.3.2.7.0 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. B.11.23 running v9.3.2 / Install revision C.9.3.2.7.0 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. B.11.31 running v9.3.2 / Install revision C.9.3.2.3.0 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. Note: Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. Note: Firewall configurations may need to be adjusted to allow DNS queries from random source ports to pass. In addition, firewalls that forward DNS queries must not replace the random source ports. MANUAL ACTIONS: Yes - NonUpdate Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. Check firewall settings. For B.11.11 running v8.1.2, upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates For B.11.11 running v9.2.0 install BIND920v15.depot PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa AFFECTED VERSIONS For BIND v8.1.2 HP-UX B.11.11 ============= InternetSrvcs.INETSVCS-RUN action: upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. For BIND v9.3.2 HP-UX B.11.11 ============= BindUpgrade.BIND-UPGRADE action: install revision C.9.3.2.7.0 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://software.hp.com HP-UX B.11.23 ============= BindUpgrade.BIND-UPGRADE BindUpgrade.BIND2-UPGRADE action: install revision C.9.3.2.7.0 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://software.hp.com HP-UX B.11.31 ============= NameService.BIND-AUX NameService.BIND-RUN action: install revision C.9.3.2.7.0 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://software.hp.com For BIND v9.2.0 HP-UX B.11.11 ============= BINDv920.INETSVCS-BIND action: install revision B.11.11.01.015 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL Contact HP Support for information on where to download depot. HP-UX B.11.23 ============= InternetSrvcs.INETSVCS-INETD InternetSrvcs.INETSVCS-RUN InternetSrvcs.INETSVCS2-RUN action: install patch PHNE_37865 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://itrc.hp.com END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 16 July 2008 Initial release Version:2 (rev.2) - 19 July 2008 Added BIND v9.2.0 depot information Version:3 (rev.3) - 06 August 2008 Updated patch location, revised BIND v9.2.0 depot information, added BIND v8.1.2 Version:4 (rev.4) - 08 August 2008 Updated manual actions to include named.conf and firewall configuration setings Version:5 (rev.5) - 12 October 2010 Updated version for BIND v9.2.0 depot for B.11.11 Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAky2a6UACgkQ4B86/C0qfVkUHQCg0LlQ1F+QqU9M/rEbJ5I/LPdI HU4AoPLWFY414ZayxcvKOiukOk0nPrVw =51B3 -----END PGP SIGNATURE----- . The fix introduced a regression in the library breaking the resolution of UTF-8 encoded record names. An updated release is available which corrects this problem. For reference, the original advisory text follows. Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DNS implementations. Scott Kitterman noted that python-dns is vulnerable to this predictability, as it randomizes neither its transaction ID nor its source port. Taken together, this lack of entropy leaves applications using python-dns to perform DNS queries highly susceptible to response forgery. The Common Vulnerabilities and Exposures project identifies this class of weakness as CVE-2008-1447. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1617-1 security@debian.org http://www.debian.org/security/ Devin Carraway July 25, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : refpolicy Vulnerability : incompatible policy Problem type : local Debian-specific: no CVE Id(s) : CVE-2008-1447 Debian Bug : 490271 In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard 'domain' port (53). The incompatibility affects both the 'targeted' and 'strict' policy packages supplied by this version of refpolicy. This update to the refpolicy packages grants the ability to bind to arbitrary UDP ports to named_t processes. When installed, the updated packages will attempt to update the bind policy module on systems where it had been previously loaded and where the previous version of refpolicy was 0.0.20061018-5 or below. Because the Debian refpolicy packages are not yet designed with policy module upgradeability in mind, and because SELinux-enabled Debian systems often have some degree of site-specific policy customization, it is difficult to assure that the new bind policy can be successfully upgraded. To this end, the package upgrade will not abort if the bind policy update fails. The new policy module can be found at /usr/share/selinux/refpolicy-targeted/bind.pp after installation. Administrators wishing to use the bind service policy can reconcile any policy incompatibilities and install the upgrade manually thereafter. A more detailed discussion of the corrective procedure may be found here: http://wiki.debian.org/SELinux/Issues/BindPortRandomization For the stable distribution (etch), this problem has been fixed in version 0.0.20061018-5.1+etch1. The unstable distribution (sid) is not affected, as subsequent refpolicy releases have incorporated an analogous change. We recommend that you upgrade your refpolicy packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/r/refpolicy/refpolicy_0.0.20061018.orig.tar.gz Size/MD5 checksum: 571487 1bb326ee1b8aea1fa93c3bd86a3007ee http://security.debian.org/pool/updates/main/r/refpolicy/refpolicy_0.0.20061018-5.1+etch1.diff.gz Size/MD5 checksum: 53515 bd171f0cfa9adc59d451d176fb32c913 http://security.debian.org/pool/updates/main/r/refpolicy/refpolicy_0.0.20061018-5.1+etch1.dsc Size/MD5 checksum: 859 52bc8ea0cab864e990e9dacc4db3b678 Architecture independent packages: http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-strict_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 1541610 626c93fc13beaa01ff151d9103a7860b http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-doc_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 289230 b082a861eda93f9bc06dd2e2f03ba89d http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-targeted_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 1288314 c00ed4f0ea4ddbb8dd945c24c710c788 http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-src_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 595490 841f616c8f08b22ed7077c21c1065026 http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-dev_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 418666 bee3f41fe8771b7b88693937814494a3 These files will probably be moved into the stable distribution on its next update. In IP NAT filtering in Sun Solaris 10 and OpenSolaris series products, when a DNS server runs NAT, it incorrectly changes the original address of the data packet. When the destination address is a DNS port, it will allow remote attackers to bypass CVE-2008 -1447 security protection. And spoof the address returned by the DNS response. Background ========== Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. * Carlos Carvalho reported that dnsmasq in the 2.43 version does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash (CVE-2008-3350). lead to the redirection of web or mail traffic to malicious sites. Furthermore, an attacker could generate invalid DHCP traffic and cause a Denial of Service. =========================================================== Ubuntu Security Notice USN-622-1 July 08, 2008 bind9 vulnerability CVE-2008-1447 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libdns21 1:9.3.2-2ubuntu1.5 Ubuntu 7.04: libdns22 1:9.3.4-2ubuntu2.3 Ubuntu 7.10: libdns32 1:9.4.1-P1-3ubuntu2 Ubuntu 8.04 LTS: libdns35 1:9.4.2-10ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Bind. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5.diff.gz Size/MD5: 104296 a0aed8a7f9c1a914d9047876547c67d4 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5.dsc Size/MD5: 803 795915bcbaf3e0c97f5ca1b541fecbe1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2.orig.tar.gz Size/MD5: 5302112 55e709501a7780233c36e25ccd15ece2 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.3.2-2ubuntu1.5_all.deb Size/MD5: 180736 0ca869db29381743a0aa2acd480c0d36 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 112040 52e0eb5609ddf50411d43f388a04f917 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 311534 80e47bf514a33cad401524d7f43e044b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 184862 d09db412eb19271ecb2cf742a1816b05 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 1130056 50d2a84568a66d6ddf47e95b411fad29 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 92116 c71b74708301acf6a6ecbf608fab5d56 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns21_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 557278 63dc3e1e6488e6cff0059d1f3e490682 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 190576 c611f958e1393704d0ba84ed707839b1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 93250 f2005aeb8667d262326bf59d82c69ba1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 109046 4ecb1dbb245b01bddac47ea50e84acfd http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 111524 a75c2314434af46dd79be91ba0dba036 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.2-2ubuntu1.5_amd64.deb Size/MD5: 219944 74b47bf188a3e82200ae564162d61a73 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 108882 b5967775be7b3115c62a4d7f9508b525 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 289854 1873ac12a760a4e14e5b88399658f905 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 175542 ea79ad2e1f210a7e107c90f5770bc806 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 997094 bb0cb2822c28a8e455bf1a928c6d0ef7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 91336 7bd20507d22e86691fb648d12795fc95 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns21_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 482908 d20a97bb56024597c1d158ec69b41c14 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 172564 108d61d18f73a8c51913fb1c84260af9 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 90784 3850d2c7f69c31c2d1d013fb862b587d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 102422 6951c7cdfd7a801b249e33648213d6a4 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 107234 3d8606e265875294b7e150884be8cee7 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.2-2ubuntu1.5_i386.deb Size/MD5: 203328 eb566ef1e4b485523f33271a001b56f9 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 110524 1efa8d84b535e465623561c1f678a89c http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 303594 9066c6e199c0598b7acd70b561506148 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 181654 c4b4fd9157adf5e449d5df01aef1e7d0 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 1204474 5d029c34854c4fca6b704fce98a74851 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 93418 bb908cbdb8c8028ad2af232f354a0008 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns21_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 516882 f8437dfca292d7d1d8b93c6aba2ae73a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 182374 368127ca61e8e8e5bceb49870cd2bd70 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 93604 4e42b14ee385a7c44ee8c1f728cabff7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 106410 f2db82079a9d85e5acb19e39eb2ced31 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 111058 06126f085691f8a2c8358e47f0a2d8d7 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.2-2ubuntu1.5_powerpc.deb Size/MD5: 207816 45a904a0518de2feccc9678f83e4d5ec sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 110620 d5fdd4a4e6e4ea89c4e518f66acecbd1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 301372 e67bc7a6970f534ee5faac384801c895 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 180950 61dfdf0427c07fe2ab35901a64508b5a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 1116008 8be769301060285de28ad3e568dfd647 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 91674 629c0a0296adcdd7f52547eace987c39 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns21_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 511130 8c5a1778a9efd974dded9ca0f8225bdd http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 181286 40c07c235b00a44aac6bbc28795c2c07 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 91184 8a2e4f0670f934d831c8cd1b40a3fa7a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 103900 80107ec78e4a006784b3a117c05ee1e6 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 106762 8951b01a7b2f97aad4a93210d50850da http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.2-2ubuntu1.5_sparc.deb Size/MD5: 211124 2978354d73f6a9bf7dcd3c96b919eec0 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3.diff.gz Size/MD5: 285716 085d15195d25e9ad690d374e9adaecb0 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3.dsc Size/MD5: 888 9bde4140f2f312c3b4071990f21f5075 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4.orig.tar.gz Size/MD5: 4043577 198181d47c58a0a9c0265862cd5557b0 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.3.4-2ubuntu2.3_all.deb Size/MD5: 187788 25ad7fff219ac84a553e40a6c7af840c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 118810 baf5548fa89037279840b4158cf9c4eb http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 322984 08a1b75f9a77c618f2e36b0534e1a7be http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 194018 bf92cede850d5f189c8895fdce8141f8 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 1123068 35f889b48402c1bb56c58d2b0f61dbbf http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 96684 98747d65d02a685db5256e417a54870b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns22_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 568742 d25c28c00bfc48ec52c18a3f5df8339a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 191858 067227f2f582db56911dbf3236e4aea2 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 97646 ef6f169da9562b22237e6c7a3edbafda http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 112594 cf9a0a5c4a940b4ba2d169c9c081dd9f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 116228 98dd0e9dcf07d0e49f0c4341e775bcf4 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.4-2ubuntu2.3_amd64.deb Size/MD5: 228496 31efc89af88b933b901d67c61b194ba6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 115168 6797a4d80f8a4196c8a948ad33bc39fe http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 303544 26dd7cd0aaf4712609a619846302ba21 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 184442 7cb775d8fe3051b3ccda2327d1c3083b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 1018542 c0fdcbb4acc613859ce6ab4781762ff7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 95774 5ddb6803f82c9117056a0a5de59aa5d6 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns22_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 497640 5d71a76c2185fb7631c07ea415037302 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 175420 a07afa38758a587ed0998b5f78629b3b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 96014 bc47e546be9c1fd6a19e9d8d8366ed3d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 108214 686dd4ad9fb4413b7778786d667428e2 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 112700 86c736ba2fae3f194498d5f3f6de7306 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.4-2ubuntu2.3_i386.deb Size/MD5: 213620 00fa556825d7defaa4fc45cad2138b02 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 118214 4081aec0d3d622fbc05dc097cf102e4f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 324724 09c0e4862ed9691c2527f755683a8b8c http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 194978 b5f813766584254fd824e72baeffc96b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 1169812 34192103d6041b6f50e7dd6551a6dbf1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 98074 06572e8c43b6eeeeba3352ba3b94ce65 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns22_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 511582 21cc7a4347b3bb863a7151ad5cf73bd1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 183468 5844029a87c42bc54a547acaff985442 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 98738 2eed8603e4ba78e0b07e4e21df59e93d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 112116 a8f232fa8d8ab6429c57827ca1af13bc http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 115894 193a734032dcdbb289fbddb68cb350b5 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.4-2ubuntu2.3_powerpc.deb Size/MD5: 218796 cdc6ccf2614a684ecff0f63f9f96dfe1 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 117664 48cc134e0194e3d732e79ca699f8406b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 315270 7bc67be9266eaddfc64138c6c01483bc http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 191400 bc4b1922d10028421b14b69bf9d76bb7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 1141834 af414f9bcf9c42d1e52fe8b2069fc83d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-0_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 96070 43a9988edc73a9b4fd2ad6e98338a8fc http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns22_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 513792 55b3d92618f678690e91956b131fa330 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc11_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 180638 b24a1a0d2d50b9d2fcba45971d23a7a4 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc0_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 96248 425e3657f29e865c91be421484089106 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg1_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 109716 cddb416bc557fb9cdebc6372312c4350 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres9_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 113516 a102110917b6ec739fa2035e1f65e4a6 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.3.4-2ubuntu2.3_sparc.deb Size/MD5: 220226 b855b98a0ebde055930e560feec2a3c0 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2.diff.gz Size/MD5: 300771 40cda1f019e548208ef85f9dad5dfeec http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2.dsc Size/MD5: 1001 e1318d3386a5d798b700b6d8ed108146 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1.orig.tar.gz Size/MD5: 4987098 683293e3acc85e30f5ca4bba8a096303 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.4.1-P1-3ubuntu2_all.deb Size/MD5: 233584 955901705316670276f41c633020a274 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 46106 8d04ee50411a1d62391209b8ccab5dfd http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 278364 1f2de92494c8a7b5e93a53c75cffbb44 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 117148 927ff60a9de441ef3b1a86337c8756a1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 1162042 2d7d3e28b6e8422abc7cdfc41f046c73 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 26006 be5c5f455a5507b9e14b8678dac0f6bb http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 552146 97272ff611d594b7346086268e4765ae http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 130934 4135eb09ffb1df2611dc809a682c74df http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 23180 a6afe8f12bf054deca547c2f72d55a66 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 42424 96a32f1fa3f81841fe7085bb01247f6d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 41990 c90cb0cac5341fb94c7c959983350dd9 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_amd64.deb Size/MD5: 167296 61645dfcde5c7543d150d829ed113b0d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 42116 2701dd72510ac551881624a6931069ec http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 254750 1300e37afb8268b112ab1718e998d443 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 106990 717db0ad88486bd34c79120f00e02551 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 1040234 db9099b5ac165aaaf6220317d054df8c http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 24768 7b5c03984b957dafa6b4bcd981c5af9f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 470404 6a7d265fd0aba23035df443e8b78269b http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 113492 685a3b04a9581c29466b67fef742674d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 21570 23a9a67e65a5e2f8dfb836aba5b0ece5 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 36630 cbfc768cbeceb42d104f41307f720688 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 38268 8d71f0b2df12a449fa7c3fd7613ff682 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_i386.deb Size/MD5: 150304 f9c7b0ee3d4891b06ef4271c62c292d4 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 41828 101a835923e507c0eea60ff08663b1a9 http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 250104 87f9678cd733aacc482b1cd7705a820d http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 105740 c5035426f0bf196ad4f34d320e9126a5 http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 1025798 47551ddfeb321fd6ff69805bd3c72cf7 http://ports.ubuntu.com/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 24354 9c8a3f39052994adeb0e1277eb9c96d6 http://ports.ubuntu.com/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 449848 d70baaa8ab74b607cc20ac8befd935b3 http://ports.ubuntu.com/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 108538 e64e03f6db0678366f5ed7931bbb7bd8 http://ports.ubuntu.com/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 20936 c735ba0c832279b708b38dd995f90eea http://ports.ubuntu.com/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 35840 6e09afe7daabc2722145eae0ccf64ebb http://ports.ubuntu.com/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 36964 7cf9822533618d4eeaaaaca191081a10 http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_lpia.deb Size/MD5: 146046 3e90eb9276c3c9cd29722b58b44825d6 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 45228 6f58fdfb1a9464505b63d6ee10bfb499 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 279194 7fb180ca0c0fb2197b6cabcb9e5b87c1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 117336 4a6d45d30c6dfd9b7525e9efeb7cc390 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 1209208 c23a85c019b655f9044207a98c9eb472 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 27166 92bd4c64f9914f63fc59973bc0e73d6d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 485638 3c3bff7bcd7df84170d9f45855785f46 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 121410 6eb18c5fee8ef25bfaab05b53a6776d1 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 24308 94df6003c7e061d9a1e1cbcc1ed1133d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 41128 a78b1e2958a2cda0347824e2d9eb7815 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 41354 d826c2e80c70c92c54c407fa6458a2d0 http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_powerpc.deb Size/MD5: 156660 24840c4483eb81fccfd483843c03fc21 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 44760 ff76458f2f3bc437f975710f0f44350f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 267886 15ae5b64e2d7f0a84610dca3265f36fe http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 114014 18755ede3d638c17c7292bbc0d0b331c http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 1180276 a906d2e8f9b40766735895725112fe04 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 25350 e9e7f9b9c5fc4b6bcaad7e36b7a12c21 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns32_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 492286 e367b633343c1841f48eeec01f08e494 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 117916 bee4cf76d903bf902a025ea2362cf5ec http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 21900 0807caba04fee218b416288eae034b93 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 38438 e11c657acb477041666dd3cccd8bfebc http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 39244 da7d911f9a2f97fd6e895736489c22ac http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.1-P1-3ubuntu2_sparc.deb Size/MD5: 156818 cada78841afbf1e0caf13f75eadaba51 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1.diff.gz Size/MD5: 243611 da5389b9c001fc8105edd135c086b13d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1.dsc Size/MD5: 998 2588a42ba49dd2702130d159c1f68d6d http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2.orig.tar.gz Size/MD5: 5021880 0aa73c66c206de3da10029bf5f195347 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.4.2-10ubuntu0.1_all.deb Size/MD5: 239534 7469deb007e19439a8f5df6a53ecd485 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 47052 24ce8ff319d3a45dc8c572df3bc47ef6 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 282744 5d77a9de6d4267405c6c969792a42243 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 116814 2adb81fed8e7d93cfde2ab01f1050d2e http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 1188376 36c0b944f5e23f76ba587e756e7c4bdb http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 27208 be7b3257b0eb9014f033b4ead73bb7a7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 550042 268c59c90f72e47690a2f64fccc296c6 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 138186 5f08619b4b4198fb6176f4d914e74b54 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 24666 f584f72af33412695ab6cfb81c891ee4 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 44570 f63b6e57da24654d0ffc243936a5a153 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 42802 4542b6bea7110e1cbf557346fc5536ad http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_amd64.deb Size/MD5: 171006 c96cfef97c3950ab59b80a7b1d3aa868 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 44692 62a8e406937a5be466977c5b47f9a659 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 267508 da18e50b8467dbd7730640a09c52d188 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 110460 480313c340c47e5d6f5167c11161daa7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 1065190 6fe78d85bdae7a9970c769dd2d1ebdcf http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 27254 2ba88324a0225ccab2b826dcc2f0f202 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 493370 5916fe8f22b1a19d0dde5f9e9596353f http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 125982 26501d011be6c34b7874b19ceabd0148 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 22852 13693beb84952c55cf78f4275c39aba7 http://security.ubuntu.com/ubuntu/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 38258 34107c4916cb13ac651d16706e9d9b9a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 40058 443bc171d30e2f262bb8ce2e3bfe885e http://security.ubuntu.com/ubuntu/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_i386.deb Size/MD5: 159118 b31758442a36011d79dde9c485fca1da lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 45254 659ea8656a46bc1265f0bf3049ffc511 http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 267536 13c20e925a9a9ae1353b63fde5ce8555 http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 111858 ce4c215e0dfc3a4c1e53b431264becf7 http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 1068570 9680708be2a7840be99f2894234757bf http://ports.ubuntu.com/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 27248 f0a51f7ebaeb86afa2f466c1e4b1b4c0 http://ports.ubuntu.com/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 488706 325b144544a6dfd1917210c9a02ec423 http://ports.ubuntu.com/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 122606 316c7a93002a350fa04f7956483c6efe http://ports.ubuntu.com/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 22522 66d3aaa993507238b341578bb534a0aa http://ports.ubuntu.com/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 37670 b58cc5a2d27f02cac5b954cf4cb1cec5 http://ports.ubuntu.com/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 39810 6a5c7b4e2a52a61258d86618f3a27106 http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_lpia.deb Size/MD5: 158506 b2064557c74e536b96d77a707068c933 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 49064 77fb0a3b0c381e9f4cf561240f801e99 http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 297108 927db70c3f13cb7642f8e9dfe9d2e378 http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 124214 fb0b53b2b7f5fd750c3ee3785038efea http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 1271364 32f252c1f510f5d0f5f2860a75fccf8b http://ports.ubuntu.com/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 29764 2111df6f219f9e4a421329209eee6489 http://ports.ubuntu.com/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 529240 e66e625de5160092f4ac4b9b505bd3ae http://ports.ubuntu.com/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 137960 e581851a0e71ada301415c006e5697d9 http://ports.ubuntu.com/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 26412 12e5213a39740e05cdf4ed87dbfd055e http://ports.ubuntu.com/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 43508 b8aab766d691b13f0df8796252bfe7a5 http://ports.ubuntu.com/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 44292 78170e54852c2e28718dd26c72148165 http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_powerpc.deb Size/MD5: 171502 0c747e830656e34d4cd5b84f8ee38551 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/b/bind9/bind9-host_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 46786 2f07cd43ef71146ec839172a9318eb22 http://ports.ubuntu.com/pool/main/b/bind9/bind9_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 281936 b97f8461fb12702ffde3b1536e11531c http://ports.ubuntu.com/pool/main/b/bind9/dnsutils_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 116124 cf6ec9328492c928d5d8064f09d5bcda http://ports.ubuntu.com/pool/main/b/bind9/libbind-dev_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 1178958 f21fed7bb01a12a74061b3cf03000b54 http://ports.ubuntu.com/pool/main/b/bind9/libbind9-30_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 26652 b650866c75829e84f35592fff5d6c950 http://ports.ubuntu.com/pool/main/b/bind9/libdns35_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 500058 d99f74a53d5b2b6167eae4bd9f56d3ed http://ports.ubuntu.com/pool/main/b/bind9/libisc32_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 127824 c93136898c8ce5f8ac90ba46daacc015 http://ports.ubuntu.com/pool/main/b/bind9/libisccc30_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 22688 e69b52b3505b614f95836502f06bd1ac http://ports.ubuntu.com/pool/main/b/bind9/libisccfg30_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 38792 3167cb62f05d65b3971cc90f1093cd6a http://ports.ubuntu.com/pool/main/b/bind9/liblwres30_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 38984 92a1a25f10ed41b0bd3a25699e5d76ff http://ports.ubuntu.com/pool/universe/b/bind9/lwresd_9.4.2-10ubuntu0.1_sparc.deb Size/MD5: 169952 3656ebd36bb152e7e18c984f0d8a31fe . Description =========== == Several vulnerabilities in safe level == Multiple errors in the implementation of safe level restrictions can be exploited to call "untrace_var()", perform syslog operations, and modify "$PROGRAM_NAME" at safe level 4, or call insecure methods at safe levels 1 through 3. (These vulnerabilities were reported by Keita Yamaguchi.) == DoS vulnerability in WEBrick == An error exists in the usage of regular expressions in "WEBrick::HTTPUtils.split_header_value()". This can be exploited to consume large amounts of CPU via a specially crafted HTTP request. (This vulnerability was reported by Christian Neukirchen.) == Lack of taintness check in dl == An error in "DL" can be exploited to bypass security restrictions and call potentially dangerous functions. (This vulnerability was reported by Tanaka Akira.) Affected packages: Pardus 2008: ruby, all before 1.8.7_p72-16-4 ruby-mode, all before 1.8.7_p72-16-4 Pardus 2007: ruby, all before 1.8.7_p72-16-13 ruby-mode, all before 1.8.7_p72-16-4 Resolution ========== There are update(s) for ruby, ruby-mode. You can update them via Package Manager or with a single command from console: Pardus 2008: pisi up ruby ruby-mode Pardus 2007: pisi up ruby ruby-mode References ========== * http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 * http://secunia.com/advisories/31430/ ------------------------------------------------------------------------ -- Pınar Yanardağ http://pinguar.org _______________________________________________ Full-Disclosure - We believe in it. Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin. References: MS08-037 (CVE-2008-1447, CVE-2008-1454), MS08-038 (CVE-2008-1435), MS08-039 (CVE-2008-2247, CVE-2008-2248), MS08-040 (CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107). Patches released by Microsoft after MS06-051 are covered by monthly Security Bulletins. For the full archived list of Microsoft security updates applicable for Storage Management Appliance software v2.1, please refer to the following Security Bulletins available on the IT Resource Center (ITRC) Web site: http://www.itrc.hp.com/service/cki/secBullArchive.do For patches released by Microsoft in 2003, MS03-001 to MS03-051 refer to Security Bulletin HPSBST02146 For patches released by Microsoft in 2004, MS04-001 to MS04-045 refer to Security Bulletin HPSBST02147 For patches released by Microsoft in 2005, MS05-001 to MS05-055 refer to Security Bulletin HPSBST02148 For patches released by Microsoft in 2006, MS06-001 to MS06-051 refer to Security Bulletin HPSBST02140 The Microsoft patch index archive and further details about all Microsoft patches can be found on the following Web site: http://www.microsoft.com/technet/security/bulletin/summary.mspx NOTE: The SMA must have all pertinent SMA Service Packs applied Windows 2000 Update Rollup 1 Customers are advised to download and install the Windows 2000 Update Rollup 1 for Service Pack 4 on SMA v2.1. For more information please refer to the Windows 2000 Update Rollup 1 for Service Pack 4 and Storage Management Appliance v2.1 advisory at the following website: http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=179111&taskId=101&prodTypeId=12169&prodSeriesId=315667 Windows 2000 Update Rollup 1 for SP4 does not include security updates released after April 30, 2005 starting from MS05-026. It also does not include patches MS04-003 and MS04-028. NOTE: Patch installation instructions are shown at the end of this table. ------------------------------------------------- MS Patch - MS08-037 Vulnerabilities in DNS Could Allow Spoofing (953230) Analysis - Patch will run successfully. ------------------------------------------------- MS Patch - MS08-038 Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) Analysis - SMA does not have this component. Action - Patch will not run successfully. Customers should not be concerned with this issue ------------------------------------------------- MS Patch - MS08-039 Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) Analysis - SMA does not have this component. Action - Patch will not run successfully. Customers should not be concerned with this issue ------------------------------------------------- MS Patch - MS08-040 Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) Analysis - SMA does not have this component. Action - Patch will not run successfully. Customers should not be concerned with this issue ------------------------------------------------- Installation Instructions: (if applicable) Download patches to a system other than the SMA Copy the patch to a floppy diskette or to a CD Execute the patch by using Terminal Services to the SMA or by attaching a keyboard, monitor and mouse to the SMA. Note: The Microsoft Windows Installer 3.1 is supported on SMA v2.1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201209-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: VMware Player, Server, Workstation: Multiple vulnerabilities Date: September 29, 2012 Bugs: #213548, #224637, #236167, #245941, #265139, #282213, #297367, #335866, #385727 ID: 201209-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in VMware Player, Server, and Workstation, allowing remote and local attackers to conduct several attacks, including privilege escalation, remote execution of arbitrary code, and a Denial of Service. Background ========== VMware Player, Server, and Workstation allow emulation of a complete PC on a PC without the usual performance overhead of most emulators. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/vmware-player <= 2.5.5.328052 Vulnerable! 2 app-emulation/vmware-workstation <= 6.5.5.328052 Vulnerable! 3 app-emulation/vmware-server <= 1.0.9.156507 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 3 affected packages Description =========== Multiple vulnerabilities have been discovered in VMware Player, Server, and Workstation. Please review the CVE identifiers referenced below for details. Impact ====== Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information. A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS). Workaround ========== There is no known workaround at this time. Resolution ========== Gentoo discontinued support for VMware Player. We recommend that users unmerge VMware Player: # emerge --unmerge "app-emulation/vmware-player" NOTE: Users could upgrade to ">=app-emulation/vmware-player-3.1.5", however these packages are not currently stable. Gentoo discontinued support for VMware Workstation. We recommend that users unmerge VMware Workstation: # emerge --unmerge "app-emulation/vmware-workstation" NOTE: Users could upgrade to ">=app-emulation/vmware-workstation-7.1.5", however these packages are not currently stable. Gentoo discontinued support for VMware Server. We recommend that users unmerge VMware Server: # emerge --unmerge "app-emulation/vmware-server" References ========== [ 1 ] CVE-2007-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269 [ 2 ] CVE-2007-5503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5503 [ 3 ] CVE-2007-5671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5671 [ 4 ] CVE-2008-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0967 [ 5 ] CVE-2008-1340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1340 [ 6 ] CVE-2008-1361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1361 [ 7 ] CVE-2008-1362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1362 [ 8 ] CVE-2008-1363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1363 [ 9 ] CVE-2008-1364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1364 [ 10 ] CVE-2008-1392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1392 [ 11 ] CVE-2008-1447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447 [ 12 ] CVE-2008-1806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1806 [ 13 ] CVE-2008-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1807 [ 14 ] CVE-2008-1808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1808 [ 15 ] CVE-2008-2098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2098 [ 16 ] CVE-2008-2100 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2100 [ 17 ] CVE-2008-2101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2101 [ 18 ] CVE-2008-4915 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4915 [ 19 ] CVE-2008-4916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4916 [ 20 ] CVE-2008-4917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4917 [ 21 ] CVE-2009-0040 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040 [ 22 ] CVE-2009-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0909 [ 23 ] CVE-2009-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0910 [ 24 ] CVE-2009-1244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1244 [ 25 ] CVE-2009-2267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2267 [ 26 ] CVE-2009-3707 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3707 [ 27 ] CVE-2009-3732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3732 [ 28 ] CVE-2009-3733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3733 [ 29 ] CVE-2009-4811 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4811 [ 30 ] CVE-2010-1137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1137 [ 31 ] CVE-2010-1138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1138 [ 32 ] CVE-2010-1139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1139 [ 33 ] CVE-2010-1140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1140 [ 34 ] CVE-2010-1141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1141 [ 35 ] CVE-2010-1142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1142 [ 36 ] CVE-2010-1143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1143 [ 37 ] CVE-2011-3868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3868 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201209-25.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Red Hat update for bind SECUNIA ADVISORY ID: SA26195 VERIFY ADVISORY: http://secunia.com/advisories/26195/ CRITICAL: Moderately critical IMPACT: Spoofing WHERE: >From remote OPERATING SYSTEM: Red Hat Enterprise Linux (v. 5 server) http://secunia.com/product/13652/ Red Hat Enterprise Linux Desktop (v. 5 client) http://secunia.com/product/13653/ Red Hat Enterprise Linux Desktop Workstation (v. 5 client) http://secunia.com/product/13651/ RedHat Enterprise Linux AS 2.1 http://secunia.com/product/48/ RedHat Enterprise Linux AS 3 http://secunia.com/product/2534/ RedHat Enterprise Linux AS 4 http://secunia.com/product/4669/ RedHat Enterprise Linux ES 2.1 http://secunia.com/product/1306/ RedHat Enterprise Linux ES 3 http://secunia.com/product/2535/ RedHat Enterprise Linux ES 4 http://secunia.com/product/4668/ RedHat Enterprise Linux WS 3 http://secunia.com/product/2536/ RedHat Enterprise Linux WS 2.1 http://secunia.com/product/1044/ RedHat Enterprise Linux WS 4 http://secunia.com/product/4670/ RedHat Linux Advanced Workstation 2.1 for Itanium http://secunia.com/product/1326/ DESCRIPTION: Red Hat has issued an update for bind. For more information: SA26152 SOLUTION: Updated packages are available from Red Hat Network. http://rhn.redhat.com ORIGINAL ADVISORY: http://rhn.redhat.com/errata/RHSA-2007-0740.html OTHER REFERENCES: SA26152: http://secunia.com/advisories/26152/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Security Advisory (08-AUG-2008) (CVE-2008-3280) =============================================== Ben Laurie of Google's Applied Security team, while working with an external researcher, Dr. Richard Clayton of the Computer Laboratory, Cambridge University, found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs. Attack Description ------------------ In order to mount an attack against a vulnerable OP, the attacker first finds the private key corresponding to the weak TLS certificate. He then sets up a website masquerading as the original OP, both for the OpenID protocol and also for HTTP/HTTPS. There are two cases, one is where the victim is a user trying to identify themselves, in which case, even if they use HTTPS to "ensure" that the site they are visiting is indeed their provider, they will be unable to detect the substitution and will give their login credentials to the attacker. The second case is where the victim is the Relying Party (RP). In this case, even if the RP uses TLS to connect to the OP, as is recommended for higher assurance, he will not be defended, as the vast majority of OpenID implementations do not check CRLs, and will, therefore, accept the malicious site as the true OP. Mitigation ---------- Mitigation is surprisingly hard. In theory the vulnerable site should revoke their weak certificate and issue a new one. However, since the CRLs will almost certainly not be checked, this means the site will still be vulnerable to attack for the lifetime of the certificate (and perhaps beyond, depending on user behaviour). Note that shutting down the site DOES NOT prevent the attack. Therefore mitigation falls to other parties. 1. 2. 3. 4. Until either 1 and 2 or 3 have been done, OpenID cannot be trusted for any OP that cannot demonstrate it has never had a weak certificate. Discussion ---------- Normally, when security problems are encountered with a single piece of software, the responsible thing to do is to is to wait until fixes are available before making any announcement. However, as a number of examples in the past have demonstrated, this approach does not work particularly well when many different pieces of software are involved because it is necessary to coordinate a simultaneous release of the fixes, whilst hoping that the very large number of people involved will cooperate in keeping the vulnerability secret. In the present situation, the fixes will involve considerable development work in adding CRL handling to a great many pieces of openID code. This is a far from trivial amount of work. The fixes will also involve changes to browser preferences to ensure that CRLs are checked by default -- which many vendors have resisted for years. We are extremely pessimistic that a security vulnerability in OpenID will be seen as sufficiently important to change the browser vendors minds. Hence, we see no value in delaying this announcement; and by making the details public as soon as possible, we believe that individuals who rely on OpenID will be better able to take their own individual steps to avoid relying upon the flawed certificates we have identified. OpenID is at heart quite a weak protocol, when used in its most general form[1], and consequently there is very limited reliance upon its security. This means that the consequences of the combination of attacks that are now possible is nothing like as serious as might otherwise have been the case. However, it does give an insight into the type of security disaster that may occur in the future if we do not start to take CRLs seriously, but merely stick them onto "to-do" lists or disable them in the name of tiny performance improvements. Affected Sites -------------- There is no central registry of OpenID systems, and so we cannot be sure that we have identified all of the weak certificates that are currently being served. The list of those we have found so far is: openid.sun.com www.xopenid.net openid.net.nz Notes ----- [1] There are ways of using OpenID that are significantly more secure than the commonly deployed scheme, I shall describe those in a separate article. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . All customers should test the updates / patch in their environment. HP is investigating changes to reduce the performance issues. This bulletin will be revised when new updates / patch become available

AFFECTED PRODUCTS