VectorLinux


Author Topic: 090117 bind-9.4.3_p1 closes known security vulnerability [VL 5.9, VL 6.0]  (Read 2700 times)

caitlyn


Newly patched bind packages close a known security vulnerability for DNS servers running on VL 5.9, VL 5.9.1, and VL 6.0.  The bind package also provides the client utilities host, dig, and nslookup.

Quote
Severity: Low.

Description:

Return values from OpenSSL library functions EVP_VerifyFinal()
and DSA_do_verify() were not checked properly.

Impact:

It is theoretically possible to spoof answers returned from
zones using the DNSKEY algorithms DSA (3) and NSEC3DSA (6).

More details can be found at:
https://www.isc.org/node/373
http://www.ocert.org/advisories/ocert-2008-016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362

It is also recommended that you upgrade to the new openssl packages.  A new bind package for VL 5.9 and VL 5.9.1 is now available in the testing repository.  A new VL 6.0 package should follow shortly.
« Last Edit: January 17, 2009, 06:11:03 pm by caitlyn »
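Added example, not part of the original post and not code from BIND or OpenSSL: the quoted advisory concerns functions whose return value has three states (1 = signature valid, 0 = signature invalid, -1 = error), so a caller that only tests for zero accepts the error case. The sketch below shows that flawed check beside the strict one; `toy_verify()`, the byte arrays and both `accept_*` helpers are hypothetical stand-ins that perform no real cryptography.

```c
#include <stdio.h>
#include <string.h>

enum { SIG_LEN = 4 };

/* Constructed sample data (not real signatures). */
static const unsigned char EXPECTED[SIG_LEN] = {0xde, 0xad, 0xbe, 0xef};
static const unsigned char GOOD[SIG_LEN]     = {0xde, 0xad, 0xbe, 0xef};
static const unsigned char BAD[SIG_LEN]      = {0x00, 0x00, 0x00, 0x00};
static const unsigned char MALFORMED[2]      = {0xde, 0xad}; /* wrong length */

/* Hypothetical stand-in following the tri-state convention of
 * EVP_VerifyFinal() / DSA_do_verify():
 *   1 = valid, 0 = invalid, -1 = error (signature could not be processed). */
static int toy_verify(const unsigned char *sig, size_t len)
{
    if (sig == NULL || len != SIG_LEN)
        return -1;
    return memcmp(sig, EXPECTED, SIG_LEN) == 0 ? 1 : 0;
}

/* Flawed check: only 0 counts as failure, so -1 is treated as success. */
int accept_flawed(const unsigned char *sig, size_t len)
{
    if (!toy_verify(sig, len))
        return 0;
    return 1;
}

/* Strict check: accept only when the verifier returns exactly 1. */
int accept_strict(const unsigned char *sig, size_t len)
{
    return toy_verify(sig, len) == 1;
}

int main(void)
{
    printf("good:      flawed=%d strict=%d\n",
           accept_flawed(GOOD, sizeof GOOD), accept_strict(GOOD, sizeof GOOD));
    printf("bad:       flawed=%d strict=%d\n",
           accept_flawed(BAD, sizeof BAD), accept_strict(BAD, sizeof BAD));
    printf("malformed: flawed=%d strict=%d\n",
           accept_flawed(MALFORMED, sizeof MALFORMED),
           accept_strict(MALFORMED, sizeof MALFORMED));
    return 0;
}
```

When auditing code that calls such verifiers, look for `if (!verify(...))` or `if (verify(...))` and replace them with an explicit comparison against 1.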