Slackware Security Advisories
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists

About

 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] bind (SSA:2008-191-02)
Date: Wed, 9 Jul 2008 21:29:01 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  bind (SSA:2008-191-02)

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
11.0, 12.0, 12.1, and -current to address a security problem.

More details may be found at the following links:

    http://www.isc.org/sw/bind/bind-security.php
    http://www.kb.cert.org/vuls/id/800113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447


Here are the details from the Slackware 12.1 ChangeLog:
+--------------------------+
patches/packages/bind-9.4.2_P1-i486-1_slack12.1.tgz:
  Upgraded to bind-9.4.2-P1.
  This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache
  Poisoning Issue.  This is the summary of the problem from the BIND site:
    "A weakness in the DNS protocol may enable the poisoning of caching
     recurive resolvers with spoofed data.  DNSSEC is the only full solution.
     New versions of BIND provide increased resilience to the attack."
  It is suggested that sites that run BIND upgrade to one of the new packages
  in order to reduce their exposure to DNS cache poisoning attacks.
  For more information, see:
    http://www.isc.org/sw/bind/bind-security.php
    http://www.kb.cert.org/vuls/id/800113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.3.5_P1-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.3.5_P1-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.3.5_P1-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.3.5_P1-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.3.5_P1-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.3.5_P1-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.3.5_P1-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bind-9.4.2_P1-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.4.2_P1-i486-1_slack12.1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.4.2_P1-i486-1.tgz


MD5 signatures:
+-------------+

Slackware 8.1 package:
c693e1ae4997c7cc23c0051ec1c90796  bind-9.3.5_P1-i386-1_slack8.1.tgz

Slackware 9.0 package:
24326f563c6588a0541f3409bc7298cd  bind-9.3.5_P1-i386-1_slack9.0.tgz

Slackware 9.1 package:
67178dd97006cf4cf3543704c82741b8  bind-9.3.5_P1-i486-1_slack9.1.tgz

Slackware 10.0 package:
a12c9e8304c5a7e285fa4df7d4b9756b  bind-9.3.5_P1-i486-1_slack10.0.tgz

Slackware 10.1 package:
6209e4a5f9693451279b0d02795b9bd8  bind-9.3.5_P1-i486-1_slack10.1.tgz

Slackware 10.2 package:
e1c6d74c787fa3b7f3a5905fef206206  bind-9.3.5_P1-i486-1_slack10.2.tgz

Slackware 11.0 package:
d354a0118388bb0f3fd32fa79166746a  bind-9.3.5_P1-i486-1_slack11.0.tgz

Slackware 12.0 package:
5b1087e6a0dc79ebf06144f44d5bb52f  bind-9.4.2_P1-i486-1_slack12.0.tgz

Slackware 12.1 package:
da76550505d62f0d902b710a078d1020  bind-9.4.2_P1-i486-1_slack12.1.tgz

Slackware -current package:
c255530e46f4cff8080a20b6c8d12443  bind-9.4.2_P1-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bind-9.4.2_P1-i486-1_slack12.1.tgz

Then, restart the nameserver:
# /etc/rc.d/rc.bind restart


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkh1bX8ACgkQakRjwEAQIjM7uwCfXzOoVIFLLZUm5jtTiH+ft5tg
fK0An3T4oAZbW9yLM+DNQ3csWlHQULBM
=xI9d
-----END PGP SIGNATURE-----

Slackware™ is a trademark of Patrick Volkerding.