-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[sflack-security] bind (SFSA:2007-207-01)
New bind packages are available for Sflack
11.0, and 12.0 to fix security issues.
The first issue which allows remote attackers to make recursive queries only
affects Sflack 12.0. More details about this issue may be found in the
Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
The second issue is the discovery that BIND9's query IDs are cryptographically
weak. This issue affects the versions of BIND9 in all supported Sflack
versions. More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
patches/packages/bind-9.4.1_P1-x86_64-1_sflack12.0.tgz:
Upgraded to bind-9.4.1_P1 to fix security issues.
The default access control lists allow remote attackers to make recursive
queries in BIND9 versions 9.4.0 through 9.4.1.
The query IDs in BIND9 prior to BIND 9.4.1-P1 are cryptographically weak.
For more information on these issues, see:
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)
Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.
Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/bind-9.3.4_P1-x86_64-1_sflack11.0.tgz
Updated package for Sflack 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/bind-9.4.1_P1-x86_64-1_sflack12.0.tgz
MD5 signatures:
+-------------+
Sflack 11.0 package:
07497a3c6b6543ffc32dad6430c854fd bind-9.3.4_P1-x86_64-1_sflack11.0.tgz
Sflack 12.0 package:
09409902eb5e7fe7a4f5682263bb75cb bind-9.4.1_P1-x86_64-1_sflack12.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg bind-9.4.1_P1-x86_64-1_sflack12.0.tgz
Then, restart the nameserver:
# /etc/rc.d/rc.bind restart
+-----+
Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGqZP5w79R6/xskD8RAn1HAKC+dEUzcm34MIszfNMd1xqPNS/rTQCgmBMx
W/IYxj5R/PGsvifLV7plqj0=
=65bq
-----END PGP SIGNATURE-----
Correlati