ID

VAR-201303-0312

CVE

CVE-2013-2266

TITLE

UNIX On the platform ISC BIND Service disruption in ( Memory consumption ) Vulnerabilities

DESCRIPTION

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. ISC BIND is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. The following are affected: ISC BIND 9.7.x ISC BIND 9.8.0 through versions 9.8.5-b1 ISC BIND 9.9.0 through versions 9.9.3-b1. For the stable distribution (squeeze), this problem has been fixed in version 1:9.7.3.dfsg-1~squeeze10. For the testing distribution (wheezy), this problem has been fixed in version 1:9.8.4.dfsg.P1-6+nmu1. For the unstable distribution (sid), this problem has been fixed in version 1:9.8.4.dfsg.P1-6+nmu1. We recommend that you upgrade your bind9 packages. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ patches/packages/dhcp-4.2.5_P1-i486-1_slack14.0.txz: Upgraded. This update replaces the included BIND 9 code that the DHCP programs link against. Those contained a defect that could possibly lead to excessive memory consumption and a denial of service. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/dhcp-4.2.5_P1-i486-1_slack12.1.tgz Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/dhcp-4.2.5_P1-i486-1_slack12.2.tgz Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/dhcp-4.2.5_P1-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/dhcp-4.2.5_P1-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/dhcp-4.2.5_P1-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/dhcp-4.2.5_P1-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/dhcp-4.2.5_P1-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/dhcp-4.2.5_P1-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/dhcp-4.2.5_P1-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/dhcp-4.2.5_P1-x86_64-1_slack14.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dhcp-4.2.5_P1-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dhcp-4.2.5_P1-x86_64-1.txz MD5 signatures: +-------------+ Slackware 12.1 package: c277d6dae778ddf859d3af9584cee23e dhcp-4.2.5_P1-i486-1_slack12.1.tgz Slackware 12.2 package: 15d244081a57135dfa61b8454209d296 dhcp-4.2.5_P1-i486-1_slack12.2.tgz Slackware 13.0 package: df6a3c2e39397f80e03a6b4b112bbf25 dhcp-4.2.5_P1-i486-1_slack13.0.txz Slackware x86_64 13.0 package: dbbdc76cc2bf5054ce15c036f3f4a21f dhcp-4.2.5_P1-x86_64-1_slack13.0.txz Slackware 13.1 package: 77f1881425fbce4922256b9c2d973f80 dhcp-4.2.5_P1-i486-1_slack13.1.txz Slackware x86_64 13.1 package: ce4486703ec878a8cf3cd1e6791e61be dhcp-4.2.5_P1-x86_64-1_slack13.1.txz Slackware 13.37 package: 01a8dde3c944beb5050d0ae6cde11bff dhcp-4.2.5_P1-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 4f74f10dbb95e30b4470cefa66eff96a dhcp-4.2.5_P1-x86_64-1_slack13.37.txz Slackware 14.0 package: aa2d3985c9ea6ebc6882c96383d62e35 dhcp-4.2.5_P1-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 7f75298567f9d6ee252af1389ae9852a dhcp-4.2.5_P1-x86_64-1_slack14.0.txz Slackware -current package: e92641fe8649aa6d122b72e666e7420b n/dhcp-4.2.5_P1-i486-1.txz Slackware x86_64 -current package: 2e46a3038527318b06271e11e763dbb9 n/dhcp-4.2.5_P1-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg dhcp-4.2.5_P1-i486-1_slack14.0.txz Then, restart the dhcp daemon. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Release Date: 2013-04-30 Last Updated: 2013-06-14 Potential Security Impact: Remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). References: CVE-2013-2266 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.31 running BIND 9.7.3 prior to C.9.7.3.2.0 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-2266 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided an updated version of the BIND service to resolve this vulnerability. This early release depot will be replaced by the June 2013 Web Upgrade, which is functionally identical. This update is available from the following location https://h20392.www2.hp.c om/portal/swdepot/displayProductInfo.do?productNumber=BIND BIND 9.7.3 for HP-UX Release Depot Name B.11.31 (PA and IA) bind973.depot MANUAL ACTIONS: Yes - Update Download and install the software update PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS For BIND 9.7.3 HP-UX B.11.31 ================== NameService.BIND-AUX NameService.BIND-RUN action: install revision C.9.7.3.2.0 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 30 April 2013 Initial release Version:2 (rev.2) - 14 June 2013 Revised location of update. Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security and bug fix update Advisory ID: RHSA-2013:0689-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0689.html Issue date: 2013-03-28 CVE Names: CVE-2013-2266 ===================================================================== 1. Summary: Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. (CVE-2013-2266) Note: This update disables the syntax checking of NAPTR (Naming Authority Pointer) resource records. This update also fixes the following bug: * Previously, rebuilding the bind-dyndb-ldap source RPM failed with a "/usr/include/dns/view.h:76:21: error: dns/rrl.h: No such file or directory" error. (BZ#928439) All bind users are advised to upgrade to these updated packages, which contain patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 928027 - CVE-2013-2266 bind: libdns regular expressions excessive resource consumption DoS 928439 - building bind-dyndb-ldap error: dns/rrl.h: No such file or directory 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm i386: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm i386: bind-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm x86_64: bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm x86_64: bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm i386: bind-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm ppc64: bind-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.ppc.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm s390x: bind-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.s390.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.s390x.rpm x86_64: bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm i386: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm ppc64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.ppc.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.s390.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm i386: bind-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm x86_64: bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm i386: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-2266.html https://access.redhat.com/security/updates/classification/#important http://www.isc.org/software/bind/advisories/cve-2013-2266 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRVMLdXlSAg2UNWIIRAsZfAKCyin6VjKh+MJwZjqJ0tn2+ayZTygCdEwWJ SMtY22xlYL6dxJ9RgKwa9Q0= =/8r6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: f36857a433daea597c4ec28038905d17 mes5/i586/bind-9.7.6-0.0.P4.0.2mdvmes5.2.i586.rpm 46c527cc9b22e9177e6fedf60c65925a mes5/i586/bind-devel-9.7.6-0.0.P4.0.2mdvmes5.2.i586.rpm a0bbe5405898b2a2ce7f513788a6a229 mes5/i586/bind-doc-9.7.6-0.0.P4.0.2mdvmes5.2.i586.rpm b321cb2a467724660df48cf92b3945f0 mes5/i586/bind-utils-9.7.6-0.0.P4.0.2mdvmes5.2.i586.rpm 890d003d00da0bfaf671313e85f46d1e mes5/SRPMS/bind-9.7.6-0.0.P4.0.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 08de2e6cfa579e00e253c37bea966307 mes5/x86_64/bind-9.7.6-0.0.P4.0.2mdvmes5.2.x86_64.rpm ae6189e64132f148a639360d66368fcb mes5/x86_64/bind-devel-9.7.6-0.0.P4.0.2mdvmes5.2.x86_64.rpm 4ee72b2b8917de78790060bb73018af9 mes5/x86_64/bind-doc-9.7.6-0.0.P4.0.2mdvmes5.2.x86_64.rpm c1dd1ebdd63f4cc9fbb83ca0b8a435e0 mes5/x86_64/bind-utils-9.7.6-0.0.P4.0.2mdvmes5.2.x86_64.rpm 890d003d00da0bfaf671313e85f46d1e mes5/SRPMS/bind-9.7.6-0.0.P4.0.2mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 71ea4fee0536640c4f391b8ee8b39658 mbs1/x86_64/bind-9.9.2.P2-1.mbs1.x86_64.rpm 181b8e5ddaccb10365b4c03457f7c77b mbs1/x86_64/bind-devel-9.9.2.P2-1.mbs1.x86_64.rpm a7b06470573069c1a0ad207fa5ea401e mbs1/x86_64/bind-doc-9.9.2.P2-1.mbs1.noarch.rpm 88d2444424375c4ca05a860dfdc4e695 mbs1/x86_64/bind-sdb-9.9.2.P2-1.mbs1.x86_64.rpm fd09642c9a8350f4f633e58f33d39a12 mbs1/x86_64/bind-utils-9.9.2.P2-1.mbs1.x86_64.rpm 3c703696946399024c7b107e1d28e031 mbs1/SRPMS/bind-9.9.2.P2-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer overflow

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Matthew Horsfall of Dyn, Inc.

SOURCES

LAST UPDATE DATE

2024-09-15T21:16:44.611000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE