MGASA-2012-0119
| Date: | June 19th, 2012 |
| Affected releases: | 1, 2 |
Description:
Dan Luther discovered that Bind incorrectly handled zero length rdata
fields. A remote attacker could use this flaw to cause Bind to crash or
behave erratically, resulting in a denial of service. (CVE-2012-1667)
It was discovered that Bind incorrectly handled revoked domain names. A
remote attacker could use this flaw to cause malicious domain names to be
continuously resolvable even after they have been revoked. (CVE-2012-1033)
Mageia 1 is affected by CVE-2012-1033 and CVE-2012-1667, and
have been upgraded to bind 9.8.3-P1, which fixes both issues.
Mageia 2 is affected by CVE-2012-1667, and have been upgraded
to bind 9.9.1-P1, which fixes the issue.
Updated Packages:
Mageia 1:
bind-9.8.3P1-1.mga1
bind-devel-9.8.3P1-1.mga1
bind-doc-9.8.3P1-1.mga1
bind-utils-9.8.3P1-1.mga1
Mageia 2:
bind-9.9.1.P1-1.mga2
bind-devel-9.9.1.P1-1.mga2
bind-doc-9.9.1.P1-1.mga2
bind-sdb-9.9.1.P1-1.mga2
bind-utils-9.9.1.P1-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
http://www.isc.org/software/bind/advisories/cve-2012-1033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
http://www.isc.org/software/bind/advisories/cve-2012-1667
ftp://ftp.isc.org/isc/bind9/9.8.3-P1/RELEASE-NOTES-BIND-9.8.3-P1.txt
ftp://ftp.isc.org/isc/bind9/9.9.1-P1/RELEASE-NOTES-BIND-9.9.1-P1.txt
https://bugs.mageia.org/show_bug.cgi?id=6359
