Date: Mon, 18 Nov 2002 14:39:24 +0100
From: (Trustix Secure Linux Advisor) <tsl@trustix.com>
To: bugtraq@securityfocus.com
Subject: TSLSA-2002-0076 - bind
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0076
Package name: bind
Summary: Remote exploit
Date: 2002-11-15
Affected versions: TSL 1.1, 1.2, 1.5
- --------------------------------------------------------------------------
Package description:
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses, and a resolver library
(routines for applications to use when interfacing with DNS).
Problem description:
ISS X-Force has found a number of problems in all BIND 8 series up to
and including 8.2.6 and 8.3.3. Two of these can cause BIND to crash
causing a denial of service attack, whereas the last can be used to
execute arbitary code on the victim.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All TSL updates are available from
<URI:http://www.trustix.net/pub/Trustix/updates/>;
<URI:ftp://ftp.trustix.net/pub/Trustix/updates/>;
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus on
security and stability, the system is painlessly kept safe and up to date
from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Get SWUP from:
<URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>;
Public testing:
These packages have been available for public testing for some time.
If you want to contribute by testing the various packages in the
testing tree, please feel free to share your findings on the
tsl-discuss mailinglist.
The testing tree is located at
<URI:http://www.trustix.net/pub/Trustix/testing/>;
<URI:ftp://ftp.trustix.net/pub/Trustix/testing/>;
Questions?
Check out our mailing lists:
<URI:http://www.trustix.net/support/>;
Verification:
This advisory along with all TSL packages are signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.net/TSL-GPG-KEY>;
The advisory itself is available from the errata pages at
<URI:http://www.trustix.net/errata/trustix-1.2/>; and
<URI:http://www.trustix.net/errata/trustix-1.5/>;
or directly at
<URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0076-bind.asc.txt>;
MD5sums of the packages:
- --------------------------------------------------------------------------
7ca823f5bdcda62354971ba527659f8f ./1.1/RPMS/bind-8.2.6-2tr.i586.rpm
97e22862a18c94181f004b2961474a61 ./1.1/RPMS/bind-devel-8.2.6-2tr.i586.rpm
1b3924c34061398f64906a41bc4e103e ./1.1/RPMS/bind-utils-8.2.6-2tr.i586.rpm
9b353d2f2beef989a4d34fa9fd04cc30 ./1.1/SRPMS/bind-8.2.6-2tr.src.rpm
979d763efbec95a6104b8df307a52ab2 ./1.2/RPMS/bind-8.2.6-2tr.i586.rpm
a219f2f92ea9f4cccb74c4ac9fcc8f69 ./1.2/RPMS/bind-devel-8.2.6-2tr.i586.rpm
cc97ab8e12caaff576063d150d7216e7 ./1.2/RPMS/bind-utils-8.2.6-2tr.i586.rpm
9b353d2f2beef989a4d34fa9fd04cc30 ./1.2/SRPMS/bind-8.2.6-2tr.src.rpm
aa38424ba1671b811aec3265e3764390 ./1.5/RPMS/bind-8.2.6-2tr.i586.rpm
74a18eed135150b64f62fb398d823175 ./1.5/RPMS/bind-devel-8.2.6-2tr.i586.rpm
74b1f15664668fcfa0da9b52f55d7745 ./1.5/RPMS/bind-utils-8.2.6-2tr.i586.rpm
9b353d2f2beef989a4d34fa9fd04cc30 ./1.5/SRPMS/bind-8.2.6-2tr.src.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE92NuHwRTcg4BxxS0RAraRAJ0Q+GDhIUUv0gbgv91q1ZmnFqkTHACfaRST
KUB6bSTouOiksfknm0Mc/6I=
=brw5
-----END PGP SIGNATURE-----
