MGASA-2012-0354
Date: December 7th, 2012
Affected releases: 2
Description:
Updated bind packages fix security vulnerability:
BIND 9 nameservers using the DNS64 IPv6 transition mechanism are vulnerable
to a software defect that allows a crafted query to crash the server with
a REQUIRE assertion failure. Remote exploitation of this defect can be
achieved without extensive effort, resulting in a denial-of-service (DoS)
vector against affected servers (CVE-2012-5688).
This update provides BIND 9.9.2-P1, which fixes this issue.
Also, DNSSEC has been disabled by default, as it causes significant
latency when not configured properly.
It was discovered that the named server segfaulted when stopped, which
could eventually fill the filesystem with core files. This was fixed
in version 9.9.2 (#7540).
It was discovered that the required OpenSSL engine libgost.so was not
updated in the chroot, which could cause erratic behaviour (#7540).
It was discovered that the mount bind of proc in the chroot did not work
due to changes in how the mount command works. This has now been removed
as it's not needed anymore (#7540).
It was discovered that the root DNS server list was quite dated and this
file has been updated.
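A triage check for the DNS64 issue above, as an added example that is not part of the advisory or of the bind packages: it reports whether a named.conf has an active dns64 statement and whether the installed version predates 9.9.2-P1. The function names and the sample configuration are constructed for illustration. It assumes versions of the form X.Y.Z with an optional -P or .P patch number, compared numerically; pre-release tags are rejected rather than guessed.

```python
import re

# Constructed sample named.conf (not from the advisory): one active dns64
# statement, plus look-alikes in comments and in the dns64-server option.
SAMPLE_CONF = '''
options {
    directory "/var/named";   // dns64 is not configured on this line
    # dns64 2001:db8:1::/96 { clients { any; }; };
    /* dns64 2001:db8:2::/96 { }; */
    dns64-server "ns.example.";
    dns64 64:ff9b::/96 {
        clients { any; };
    };
};
'''

# A quoted string, or one of named.conf's three comment styles.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_DNS64 = re.compile(r'(?<![\w-])dns64\s+([0-9A-Fa-f:]+/\d+)\s*\{')
_VER = re.compile(r'^(\d+)\.(\d+)\.(\d+)(?:[-.]P(\d+))?$')

def dns64_prefixes(conf):
    """Prefixes of active dns64 statements; comments and strings are blanked."""
    blank = lambda m: '""' if m.group(0).startswith('"') else " "
    return _DNS64.findall(_TOKEN.sub(blank, conf))

def parse_version(version):
    """'9.9.2-P1' or the package form '9.9.2.P1' -> (9, 9, 2, 1)."""
    m = _VER.match(version)
    if not m:
        raise ValueError("unsupported version string: %r" % version)
    return tuple(int(part or 0) for part in m.groups())

FIXED = parse_version("9.9.2-P1")  # release provided by this update

def triage(conf, version):
    """Flag a server that uses DNS64 and predates the fixed release."""
    prefixes = dns64_prefixes(conf)
    older = parse_version(version) < FIXED
    return {"dns64_prefixes": prefixes, "older_than_fixed": older,
            "action_needed": bool(prefixes) and older}

if __name__ == "__main__":
    print(triage(SAMPLE_CONF, "9.9.2"))
```

"older_than_fixed" only means the version sorts before the release shipped in this update; it does not by itself establish that a given older branch is affected.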
Updated Packages:
bind-9.9.2.P1-1.mga2
bind-devel-9.9.2.P1-1.mga2
bind-doc-9.9.2.P1-1.mga2
bind-sdb-9.9.2.P1-1.mga2
bind-utils-9.9.2.P1-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5688
ftp://ftp.isc.org/isc/bind/9.9.2-P1/CHANGES
ftp://ftp.isc.org/isc/bind/9.9.2-P1/RELEASE-NOTES-BIND-9.9.2-P1.txt
https://kb.isc.org/article/AA-00828
https://bugs.mageia.org/show_bug.cgi?id=7540
https://bugs.mageia.org/show_bug.cgi?id=8304