Home / vulnerabilitiesPDF  

Mandriva Linux Security Advisory 2015-054

Posted on 05 March 2015
Source : packetstormsecurity.org Link

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:054
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : bind
Date : March 4, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated bind packages fix security vulnerability:

Jan-Piet Mens discovered that the BIND DNS server would crash when
processing an invalid DNSSEC key rollover, either due to an error
on the zone operator's part, or due to interference with network
traffic by an attacker. This issue affects configurations with the
directives "dnssec-lookaside auto;" (as enabled in the Mageia default
configuration) or "dnssec-validation auto;" (CVE-2015-1349).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
http://advisories.mageia.org/MGASA-2015-0082.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
87d17f8944dfd07774598f951a5e342b mbs1/x86_64/bind-9.9.6.P2-1.mbs1.x86_64.rpm
7cc5d1caba2e2ee6f1a7ed34f57d5734 mbs1/x86_64/bind-devel-9.9.6.P2-1.mbs1.x86_64.rpm
3c58166143183223d74e5213ca5feb1b mbs1/x86_64/bind-doc-9.9.6.P2-1.mbs1.noarch.rpm
22a57fbda0364ea2a8b623c3958d80da mbs1/x86_64/bind-sdb-9.9.6.P2-1.mbs1.x86_64.rpm
14e2df9a464db7af7da97c7ab3fe866d mbs1/x86_64/bind-utils-9.9.6.P2-1.mbs1.x86_64.rpm
eb0a296b13c026ae8bdbcf8d2a9199ae mbs1/SRPMS/bind-9.9.6.P2-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFU9taUmqjQ0CJFipgRAm8dAJ9mWM/Zah+H/QHeBbwwx9DcP54zqwCfZRjn
87ZiU5dQZbf2iCdtu/JkkPA=
=t1Cp
-----END PGP SIGNATURE-----

 

TOP