-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0061

Package name:      bind
Summary:           Minor security issue
Date:              2002-07-15
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
  From CERT Advisory CA-2002-19:
  "A buffer overflow vulnerability exists in multiple implementations of
  DNS resolver libraries. Operating systems and applications that utilize
  vulnerable DNS resolver libraries may be affected. A remote attacker who
  is able to send malicious DNS responses could potentially exploit this
  vulnerability to execute arbitrary code or cause a denial of service on
  a vulnerable system."

  As the named daemon is not vulnerable to this problem, we don't consider
  this bug to be critical. Nevertheless we have chosen to upgrade.

Action:
  We recommend that all systems with this package installed are upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>

Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailing list.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>

Verification:
  This advisory, along with all TSL packages, is signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/>
  and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0061-bind.asc.txt>

MD5sums of the packages:
- --------------------------------------------------------------------------
b497f251e91175754f1eaf11157f445c  ./1.5/SRPMS/bind-8.2.6-1tr.src.rpm
d00de9cc58d179d1aea5a2a76f1f3369  ./1.5/RPMS/bind-utils-8.2.6-1tr.i586.rpm
646eabafe4c77ed3b60ebb1d2e3e0292  ./1.5/RPMS/bind-devel-8.2.6-1tr.i586.rpm
25ab9b38033cdff4b4236340dd9dbb8e  ./1.5/RPMS/bind-8.2.6-1tr.i586.rpm
b497f251e91175754f1eaf11157f445c  ./1.2/SRPMS/bind-8.2.6-1tr.src.rpm
5288043ec9c0296c8b4c3040ef66532e  ./1.2/RPMS/bind-utils-8.2.6-1tr.i586.rpm
09d32b2fbe94c3809ff7e3badae4fc4c  ./1.2/RPMS/bind-devel-8.2.6-1tr.i586.rpm
acc648a2ccb2a1f63f06bab5585255bb  ./1.2/RPMS/bind-8.2.6-1tr.i586.rpm
b497f251e91175754f1eaf11157f445c  ./1.1/SRPMS/bind-8.2.6-1tr.src.rpm
b57143e19f81f1025be7606704959c29  ./1.1/RPMS/bind-utils-8.2.6-1tr.i586.rpm
23372c6af2ba3669451db4af4b6abb62  ./1.1/RPMS/bind-devel-8.2.6-1tr.i586.rpm
4257a9b081825e54e9495ae1e03ef582  ./1.1/RPMS/bind-8.2.6-1tr.i586.rpm
- --------------------------------------------------------------------------

Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9Mqz/wRTcg4BxxS0RAonPAJ9n4XasuF854p12meU0vNG0NUUgVwCcDjG1
RHVvr0nVREyD/uXnZ+DE/BE=
=tScV
-----END PGP SIGNATURE-----
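
Added example (not part of the Trustix advisory or its tooling): one way to compare downloaded packages against the MD5 list in the Verification section. It reads only the signed body, undoes the "- " dash-escaping, and assumes the advisory's signature has already been verified with GnuPG against the TSL sign key. The function names and the SAMPLE text are constructed for illustration.

```python
import hashlib
import re
from pathlib import Path

ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\S+)$")  # md5sum-style "<hash>  <path>"

# Constructed sample (not the advisory's values); hashes are MD5 of b"" and b"hello".
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MD5sums of the packages:
- ----------------------------------------
d41d8cd98f00b204e9800998ecf8427e  ./1.5/RPMS/example-1.0.i586.rpm
5d41402abc4b2a76b9719d911017c592  ./1.5/RPMS/other-1.0.i586.rpm
- ----------------------------------------
-----BEGIN PGP SIGNATURE-----
(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""

def undash(line):
    """Undo OpenPGP cleartext dash-escaping ('- -----' becomes '-----')."""
    return line[2:] if line.startswith("- ") else line

def parse_manifest(text):
    """Return [(md5_hex, path)] listed between the signed header and the signature."""
    entries, in_body = [], False
    for raw in text.splitlines():
        # Armor boundaries are matched on the raw line: a dash-escaped body
        # line starts with "- " and so can never be mistaken for one.
        if raw.startswith("-----BEGIN PGP SIGNED MESSAGE-----"):
            in_body = True
        elif raw.startswith("-----BEGIN PGP SIGNATURE-----"):
            break  # text from here on is not covered by the signature
        elif in_body and (m := ENTRY.match(undash(raw).strip())):
            entries.append((m.group(1), m.group(2)))
    return entries

def check_packages(entries, root):
    """Map each listed path to 'ok', 'MISMATCH', 'missing' or 'rejected'."""
    root, result = Path(root).resolve(), {}
    for expected, rel in entries:
        target = (root / rel).resolve()
        if root not in target.parents:  # path would escape the download directory
            result[rel] = "rejected"
        elif not target.is_file():
            result[rel] = "missing"
        else:
            digest = hashlib.md5(target.read_bytes()).hexdigest()
            result[rel] = "ok" if digest == expected else "MISMATCH"
    return result
```

Call check_packages(parse_manifest(advisory_text), mirror_dir) with the directory that holds the downloaded 1.1/, 1.2/ and 1.5/ trees.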