Date: Mon, 15 Jul 2002 15:05:19 +0200
From: (Trustix Secure Linux Advisor) <tsl@trustix.com>
To: bugtraq@securityfocus.com
Subject: TSLSA-2002-0061 - bind
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0061
Package name: bind
Summary: Minor security issue
Date: 2002-07-15
Affected versions: TSL 1.1, 1.2, 1.5
- --------------------------------------------------------------------------
Problem description:
From CERT Advisory CA-2002-19:
"A buffer overflow vulnerability exists in multiple implementations
of DNS resolver libraries. Operating systems and applications that
utilize vulnerable DNS resolver libraries may be affected. A remote
attacker who is able to send malicious DNS responses could potentially
exploit this vulnerability to execute arbitrary code or cause a denial
of service on a vulnerable system."
As the named daemon is not vulnerable to this problem, we don't consider
this bug to be critical. Nevertheless we have chosen to upgrade.
Action:
We recommend that all systems with this package installed are upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All TSL updates are available from
<URI:http://www.trustix.net/pub/Trustix/updates/>;
<URI:ftp://ftp.trustix.net/pub/Trustix/updates/>;
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Get SWUP from:
<URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>;
Public testing:
These packages have been available for public testing for some time.
If you want to contribute by testing the various packages in the
testing tree, please feel free to share your findings on the
tsl-discuss mailinglist.
The testing tree is located at
<URI:http://www.trustix.net/pub/Trustix/testing/>;
<URI:ftp://ftp.trustix.net/pub/Trustix/testing/>;
Questions?
Check out our mailing lists:
<URI:http://www.trustix.net/support/>;
Verification:
This advisory along with all TSL packages are signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.net/TSL-GPG-KEY>;
The advisory itself is available from the errata pages at
<URI:http://www.trustix.net/errata/trustix-1.2/>; and
<URI:http://www.trustix.net/errata/trustix-1.5/>;
or directly at
<URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0061-bind.asc.txt>;
MD5sums of the packages:
- --------------------------------------------------------------------------
b497f251e91175754f1eaf11157f445c ./1.5/SRPMS/bind-8.2.6-1tr.src.rpm
d00de9cc58d179d1aea5a2a76f1f3369 ./1.5/RPMS/bind-utils-8.2.6-1tr.i586.rpm
646eabafe4c77ed3b60ebb1d2e3e0292 ./1.5/RPMS/bind-devel-8.2.6-1tr.i586.rpm
25ab9b38033cdff4b4236340dd9dbb8e ./1.5/RPMS/bind-8.2.6-1tr.i586.rpm
b497f251e91175754f1eaf11157f445c ./1.2/SRPMS/bind-8.2.6-1tr.src.rpm
5288043ec9c0296c8b4c3040ef66532e ./1.2/RPMS/bind-utils-8.2.6-1tr.i586.rpm
09d32b2fbe94c3809ff7e3badae4fc4c ./1.2/RPMS/bind-devel-8.2.6-1tr.i586.rpm
acc648a2ccb2a1f63f06bab5585255bb ./1.2/RPMS/bind-8.2.6-1tr.i586.rpm
b497f251e91175754f1eaf11157f445c ./1.1/SRPMS/bind-8.2.6-1tr.src.rpm
b57143e19f81f1025be7606704959c29 ./1.1/RPMS/bind-utils-8.2.6-1tr.i586.rpm
23372c6af2ba3669451db4af4b6abb62 ./1.1/RPMS/bind-devel-8.2.6-1tr.i586.rpm
4257a9b081825e54e9495ae1e03ef582 ./1.1/RPMS/bind-8.2.6-1tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9Mqz/wRTcg4BxxS0RAonPAJ9n4XasuF854p12meU0vNG0NUUgVwCcDjG1
RHVvr0nVREyD/uXnZ+DE/BE=
=tScV
-----END PGP SIGNATURE-----
