[sflack-security] bind (SFSA:2007-207-01)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


New bind packages are available for Sflack 11.0 and 12.0 to fix
security issues.

The first issue, which allows remote attackers to make recursive queries,
affects only Sflack 12.0. More details about this issue may be found in the
Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925

The second issue is the discovery that BIND9's query IDs are cryptographically
weak. This issue affects the versions of BIND9 in all supported Sflack
versions. More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926


Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
patches/packages/bind-9.4.1_P1-x86_64-1_sflack12.0.tgz:
Upgraded to bind-9.4.1_P1 to fix security issues.
The default access control lists allow remote attackers to make recursive
queries in BIND9 versions 9.4.0 through 9.4.1.
The query IDs in BIND9 prior to BIND 9.4.1-P1 are cryptographically weak.
For more information on these issues, see:
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)

Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/bind-9.3.4_P1-x86_64-1_sflack11.0.tgz

Updated package for Sflack 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/bind-9.4.1_P1-x86_64-1_sflack12.0.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
07497a3c6b6543ffc32dad6430c854fd bind-9.3.4_P1-x86_64-1_sflack11.0.tgz

Sflack 12.0 package:
09409902eb5e7fe7a4f5682263bb75cb bind-9.4.1_P1-x86_64-1_sflack12.0.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bind-9.4.1_P1-x86_64-1_sflack12.0.tgz

Then, restart the nameserver:
# /etc/rc.d/rc.bind restart


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGqZP5w79R6/xskD8RAn1HAKC+dEUzcm34MIszfNMd1xqPNS/rTQCgmBMx
W/IYxj5R/PGsvifLV7plqj0=
=65bq
-----END PGP SIGNATURE-----