Support / Security / Advisories / Corporate Server 4.0 / MDVSA-2011:104

Package name: bind
Date: 2011-06-01
Advisory ID: MDVSA-2011:104
Affected versions: 2009.0 x86_64 , MES5 i586 , 2010.1 i586 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , MES5 x86_64 , 2010.1 x86_64

Problem description

A vulnerability has been identified and fixed in ISC BIND:

Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x
before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before
9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service
(assertion failure and daemon exit) via a negative response containing
large RRSIG RRsets (CVE-2011-1910).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php\?cPath=149\&products_id=490

The updated packages have been patched to correct this issue. For
2010.2 ISC BIND was upgraded to 9.7.3-P1 which is not vulnerable to
this issue.

Updated packages

2009.0 x86_64

 b9711c2fc96a83b7b3ce16e872480a94  2009.0/x86_64/bind-9.6.2-0.3mdv2009.0.x86_64.rpm
 835c967bdb7e163ee650ad4c2a93a02e  2009.0/x86_64/bind-devel-9.6.2-0.3mdv2009.0.x86_64.rpm
 afd62cab2b8be8ab47307541cda19b1b  2009.0/x86_64/bind-doc-9.6.2-0.3mdv2009.0.x86_64.rpm
 949e7df04821a40c180a43323fb1b6b3  2009.0/x86_64/bind-utils-9.6.2-0.3mdv2009.0.x86_64.rpm 
 9ce92b36b69535037658b12de6ba91f3  2009.0/SRPMS/bind-9.6.2-0.3mdv2009.0.src.rpm

MES5 i586

 467bf36fd2f979b44936a5048e66b177  mes5/i586/bind-9.6.2-0.3mdvmes5.2.i586.rpm
 cb277066933724335637f05c89371a06  mes5/i586/bind-devel-9.6.2-0.3mdvmes5.2.i586.rpm
 fc839ab342e30da3777d4e15af7412f6  mes5/i586/bind-doc-9.6.2-0.3mdvmes5.2.i586.rpm
 e71726f1845cb35577fe18af40ec8798  mes5/i586/bind-utils-9.6.2-0.3mdvmes5.2.i586.rpm 
 ca697b83e7ae5d4d108ae6ca6ce95107  mes5/SRPMS/bind-9.6.2-0.3mdvmes5.2.src.rpm

2010.1 i586

 facbc4e2c06e947c116f22c6ab546dc9  2010.1/i586/bind-9.7.3-0.0.P1.1.1mdv2010.2.i586.rpm
 15fe702c18438ad9a9d07d1a08e8dc5e  2010.1/i586/bind-devel-9.7.3-0.0.P1.1.1mdv2010.2.i586.rpm
 f67cc34ea4fa188c6e1ce78a2f418cec  2010.1/i586/bind-doc-9.7.3-0.0.P1.1.1mdv2010.2.i586.rpm
 c954e45cc2f928f8c241c1c544b76c1b  2010.1/i586/bind-utils-9.7.3-0.0.P1.1.1mdv2010.2.i586.rpm 
 a258d307cde57f5f8f750311d1922aee  2010.1/SRPMS/bind-9.7.3-0.0.P1.1.1mdv2010.2.src.rpm

2009.0 i586

 ebe0e9136ca078d55e8474b7e4774fa0  2009.0/i586/bind-9.6.2-0.3mdv2009.0.i586.rpm
 4bcead4d6fffece6a8786e20580f433b  2009.0/i586/bind-devel-9.6.2-0.3mdv2009.0.i586.rpm
 7c4269cc12c36c81b8d5e6beda01db22  2009.0/i586/bind-doc-9.6.2-0.3mdv2009.0.i586.rpm
 180a7897d73d5f81bb22403bbfd01301  2009.0/i586/bind-utils-9.6.2-0.3mdv2009.0.i586.rpm 
 9ce92b36b69535037658b12de6ba91f3  2009.0/SRPMS/bind-9.6.2-0.3mdv2009.0.src.rpm

CS4.0 i586

 438be9cf334ebfabac9128ab17488b16  corporate/4.0/i586/bind-9.4.3-0.4.20060mlcs4.i586.rpm
 73bdfc4039746f9f5ecc95c8b02c9baa  corporate/4.0/i586/bind-devel-9.4.3-0.4.20060mlcs4.i586.rpm
 b659532890edec643588df8097b4f9a4  corporate/4.0/i586/bind-utils-9.4.3-0.4.20060mlcs4.i586.rpm 
 6264781c61bac05330db0300520686aa  corporate/4.0/SRPMS/bind-9.4.3-0.4.20060mlcs4.src.rpm

CS4.0 x86_64

 a202e00d59ea543e2e2683ebd21509c2  corporate/4.0/x86_64/bind-9.4.3-0.4.20060mlcs4.x86_64.rpm
 c020841e7cc8ee34ec576a3dd3a6c053  corporate/4.0/x86_64/bind-devel-9.4.3-0.4.20060mlcs4.x86_64.rpm
 47ee68c9f935447a0160850a6f151fb5  corporate/4.0/x86_64/bind-utils-9.4.3-0.4.20060mlcs4.x86_64.rpm 
 6264781c61bac05330db0300520686aa  corporate/4.0/SRPMS/bind-9.4.3-0.4.20060mlcs4.src.rpm

MES5 x86_64

 7a488676d28da8704b51ca731b726697  mes5/x86_64/bind-9.6.2-0.3mdvmes5.2.x86_64.rpm
 4803a569597c7372b7b2323da9220d4d  mes5/x86_64/bind-devel-9.6.2-0.3mdvmes5.2.x86_64.rpm
 1a6c027085db39464be568061c70c877  mes5/x86_64/bind-doc-9.6.2-0.3mdvmes5.2.x86_64.rpm
 f520ec26e2c0e68e1f82767f1a4b6d54  mes5/x86_64/bind-utils-9.6.2-0.3mdvmes5.2.x86_64.rpm 
 ca697b83e7ae5d4d108ae6ca6ce95107  mes5/SRPMS/bind-9.6.2-0.3mdvmes5.2.src.rpm

2010.1 x86_64

 7fc178b5236b9d82e028f1d95a0995e7  2010.1/x86_64/bind-9.7.3-0.0.P1.1.1mdv2010.2.x86_64.rpm
 b9a1c2434083eec6bdf537249f62ef12  2010.1/x86_64/bind-devel-9.7.3-0.0.P1.1.1mdv2010.2.x86_64.rpm
 923cbacff1dd7b8a35b248af46979f84  2010.1/x86_64/bind-doc-9.7.3-0.0.P1.1.1mdv2010.2.x86_64.rpm
 c564274f9fd0a837963cd7359ef520de  2010.1/x86_64/bind-utils-9.7.3-0.0.P1.1.1mdv2010.2.x86_64.rpm 
 a258d307cde57f5f8f750311d1922aee  2010.1/SRPMS/bind-9.7.3-0.0.P1.1.1mdv2010.2.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910