VectorLinux
October 01, 2014, 12:03:12 am *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Visit our home page for VL info. To search the old message board go to http://vectorlinux.com/forum1. The first VL forum is temporarily offline until we can find a host for it. Thanks for your patience.
 
Now powered by KnowledgeDex.
   Home   Help Search Login Register  
Please support VectorLinux!
Pages: [1]
  Print  
Author Topic: 090117 bind-9.4.3_p1 closes known security vulnerability [VL 5.9, VL 6.0]  (Read 2427 times)
caitlyn
Packager
Vectorian
****
Posts: 2876


WWW
« on: January 17, 2009, 05:41:37 pm »

Newly patched bind packages close a known security vulnerability for DNS servers running on VL 5.9, VL 5.9.1, and VL 6.0.  The bind package also provides the client utilities host, dig, and nslookup.

Quote
Severity: Low.

Description:

Return values from OpenSSL library functions EVP_VerifyFinal()
and DSA_do_verify() were not checked properly.

Impact:

It is theoretically possible to spoof answers returned from
zones using the DNSKEY algorithms DSA (3) and NSEC3DSA (6).

More details can be found at:
https://www.isc.org/node/373
http://www.ocert.org/advisories/ocert-2008-016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362

It is also recommended that you upgrade to the new openssl packages.  A new bind package for VL 5.9 and VL 5.9.1 is now available the testing repository.  A new VL 6.0 package should follow shortly.
« Last Edit: January 17, 2009, 06:11:03 pm by caitlyn » Logged

eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)

Toshiba Satellite A135-S4727,  Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950

HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!