Ispravljen je sigurnosni propust u radu programskog paketa BIND, namijenjenog operacijskom sustavu Fedora 16. Udaljenim napadačima omogućuje izvođenje DoS napada.
Paket:
BIND 9.x
Operacijski sustavi:
Fedora 16
Kritičnost:
6.8
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-4244
Izvorni ID preporuke:
FEDORA-2012-14030
Izvor:
Fedora
Problem:
Propust je posljedica pogreške u obradi izvornih zapisa koji imaju RDATA podatke veće od 65535 okteta (eng byte).
Posljedica:
Napadači ga mogu iskoristiti za izvođenje napada uskraćivanjem usluge.
Rješenje:
Korisnicima se savjetuje instalacija odgovarajućih sigurnosnih zakrpa.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-14030
2012-09-17 16:24:27
--------------------------------------------------------------------------------
Name : bind
Product : Fedora 16
Version : 9.8.3
Release : 4.P3.fc16
URL : http://www.isc.org/products/BIND/
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System)
server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
--------------------------------------------------------------------------------
Update Information:
Update to the 9.8.3-P3 security release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 13 2012 Adam Tkac <atkac redhat com> 32:9.8.3-4.P3
- update to 9.8.3-P3
* Thu Jul 26 2012 Adam Tkac <atkac redhat com> 32:9.8.3-3.P2
- update to 9.8.3-P2
* Mon Jun 4 2012 Adam Tkac <atkac redhat com> 32:9.8.3-2.P1
- update to 9.8.3-P1 (CVE-2012-1667)
* Thu May 24 2012 Adam Tkac <atkac redhat com> 32:9.8.3-1
- update to 9.8.3
* Tue Apr 24 2012 Adam Tkac <atkac redhat com> 32:9.8.2-1
- update to 9.8.2
- bind-9.5-overflow.patch is no longer needed
* Fri Mar 16 2012 Adam Tkac <atkac redhat com> 32:9.8.2-0.4.rc2
- update to 9.8.2rc2
* Fri Mar 16 2012 Adam Tkac <atkac redhat com> 32:9.8.2-0.3.rc1
- load dynamic DB plugins later
* Mon Jan 23 2012 Adam Tkac <atkac redhat com> 32:9.8.2-0.2.rc1
- update to 9.8.2rc1
* Wed Dec 14 2011 Adam Tkac <atkac redhat com> 32:9.8.2-0.1.b1
- update to 9.8.2b1
- patches merged
- bind97-rh700097.patch
* Wed Dec 7 2011 Adam Tkac <atkac redhat com> 32:9.8.1-5.P1
- ship dns/forward.h in -devel subpkg
* Wed Nov 16 2011 Adam Tkac <atkac redhat com> 32:9.8.1-4.P1
- update to 9.8.1-P1 (CVE-2011-4313)
* Mon Sep 26 2011 Adam Tkac <atkac redhat com> 32:9.8.1-3
- remove deps filter, it is no longer needed (#739663)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856754 - CVE-2012-4244 bind: specially crafted resource record
causes named to exit
https://bugzilla.redhat.com/show_bug.cgi?id=856754
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update bind' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke