MDKSA-2005:023

Package name

bind

Date

2005-01-26

Advisory ID

MDKSA-2005:023

Affected versions

10.1 i586 , 10.1 x86_64

Problem description

A vulnerability was discovered in BIND version 9.3.0 where a remote attacker may be able to cause named to exit prematurely, causing a Denial of Service due to an incorrect assumption in the validator function authvalidated(). The updated packages have been patched to prevent this problem.

Updated packages

10.1 i586

 2c3b0b567b122b32672834813099ace9  10.1/RPMS/bind-9.3.0-3.1.101mdk.i586.rpm
f9e226057c52236b13631ffe032f6bc2  10.1/RPMS/bind-devel-9.3.0-3.1.101mdk.i586.rpm
e6a4b508f747a26af2e98d879cb1127e  10.1/RPMS/bind-utils-9.3.0-3.1.101mdk.i586.rpm
bcfc92436972a46b3788ec38edfd45d9  10.1/SRPMS/bind-9.3.0-3.1.101mdk.src.rpm

10.1 x86_64

 1e497338a4c775afd571157c94b7a954  x86_64/10.1/RPMS/bind-9.3.0-3.1.101mdk.x86_64.rpm
9e61bddc45238b768bc2f93948a9024b  x86_64/10.1/RPMS/bind-devel-9.3.0-3.1.101mdk.x86_64.rpm
17cf2955482bc6c3523b0123ca2010d9  x86_64/10.1/RPMS/bind-utils-9.3.0-3.1.101mdk.x86_64.rpm
bcfc92436972a46b3788ec38edfd45d9  x86_64/10.1/SRPMS/bind-9.3.0-3.1.101mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0034
• http://www.cert.org/advisories/938617