MDVSA-2012:152-1

Package name

bind

Date

2012-10-02

Advisory ID

MDVSA-2012:152-1

Affected versions

2011 i586 , 2011 x86_64

Problem description

A vulnerability was discovered and corrected in bind:

A nameserver can be caused to exit with a REQUIRE exception if it can
be induced to load a specially crafted resource record (CVE-2012-4244).

The updated packages have been upgraded to bind 9.7.6-P3 which is
not vulnerable to this issue.

Update:

Packages for Mandriva Linux 2011 is being provided.

The updated packages have been upgraded to bind 9.8.3-P3 which is
not vulnerable to this issue.

Updated packages

2011 i586

 ecc7600f8582ac93fe5ebed4ac658c9b  2011/i586/bind-9.8.3-0.0.P3.0.1-mdv2011.0.i586.rpm
 43469a462ceae0a03e7e0474175eaa94  2011/i586/bind-devel-9.8.3-0.0.P3.0.1-mdv2011.0.i586.rpm
 548ec34953809e9f3a7a2336fe3d62c1  2011/i586/bind-doc-9.8.3-0.0.P3.0.1-mdv2011.0.i586.rpm
 cb2dbf102709021d48c60403f7535c9a  2011/i586/bind-utils-9.8.3-0.0.P3.0.1-mdv2011.0.i586.rpm 
 687409d845cc1b964931e6a1f7494b6d  2011/SRPMS/bind-9.8.3-0.0.P3.0.1.src.rpm

2011 x86_64

 dc178f953c803c2cb478d3b9149bdc61  2011/x86_64/bind-9.8.3-0.0.P3.0.1-mdv2011.0.x86_64.rpm
 23ef816f7fffdc53b0465cf0316ccd68  2011/x86_64/bind-devel-9.8.3-0.0.P3.0.1-mdv2011.0.x86_64.rpm
 0a555b8851f7a801c49bdcd0c425258a  2011/x86_64/bind-doc-9.8.3-0.0.P3.0.1-mdv2011.0.x86_64.rpm
 19a19f9efd7e98e71b6463a8d12e8cfa  2011/x86_64/bind-utils-9.8.3-0.0.P3.0.1-mdv2011.0.x86_64.rpm 
 687409d845cc1b964931e6a1f7494b6d  2011/SRPMS/bind-9.8.3-0.0.P3.0.1.src.rpm

References

• ftp://ftp.isc.org/isc/bind9/9.7.6-P3/CHANGES
• https://kb.isc.org/article/AA-00778
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4244
• ftp://ftp.isc.org/isc/bind9/9.8.3-P3/CHANGES