bind (SSA:2008-191-02)  

Posted by Daniela Mehler

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to address a security problem.

More details may be found at the following links:

http://www.isc.org/sw/bind/bind-security.php
http://www.kb.cert.org/vuls/id/800113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
Here are the details from the Slackware 12.1 ChangeLog:
+--------------------------+
patches/packages/bind-9.4.2_P1-i486-1_slack12.1.tgz:
Upgraded to bind-9.4.2-P1.
This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache
Poisoning Issue. This is the summary of the problem from the BIND site:
"A weakness in the DNS protocol may enable the poisoning of caching
recurive resolvers with spoofed data. DNSSEC is the only full solution.
New versions of BIND provide increased resilience to the attack."
It is suggested that sites that run BIND upgrade to one of the new packages
in order to reduce their exposure to DNS cache poisoning attacks.
For more information, see:
http://www.isc.org/sw/bind/bind-security.php
http://www.kb.cert.org/vuls/id/800113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.3.5_P1-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.3.5_P1-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.3.5_P1-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.3.5_P1-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.3.5_P1-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.3.5_P1-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.3.5_P1-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bind-9.4.2_P1-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.4.2_P1-i486-1_slack12.1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.4.2_P1-i486-1.tgz


MD5 signatures:
+-------------+

Slackware 8.1 package:
c693e1ae4997c7cc23c0051ec1c90796 bind-9.3.5_P1-i386-1_slack8.1.tgz

Slackware 9.0 package:
24326f563c6588a0541f3409bc7298cd bind-9.3.5_P1-i386-1_slack9.0.tgz

Slackware 9.1 package:
67178dd97006cf4cf3543704c82741b8 bind-9.3.5_P1-i486-1_slack9.1.tgz

Slackware 10.0 package:
a12c9e8304c5a7e285fa4df7d4b9756b bind-9.3.5_P1-i486-1_slack10.0.tgz

Slackware 10.1 package:
6209e4a5f9693451279b0d02795b9bd8 bind-9.3.5_P1-i486-1_slack10.1.tgz

Slackware 10.2 package:
e1c6d74c787fa3b7f3a5905fef206206 bind-9.3.5_P1-i486-1_slack10.2.tgz

Slackware 11.0 package:
d354a0118388bb0f3fd32fa79166746a bind-9.3.5_P1-i486-1_slack11.0.tgz

Slackware 12.0 package:
5b1087e6a0dc79ebf06144f44d5bb52f bind-9.4.2_P1-i486-1_slack12.0.tgz

Slackware 12.1 package:
da76550505d62f0d902b710a078d1020 bind-9.4.2_P1-i486-1_slack12.1.tgz

Slackware -current package:
c255530e46f4cff8080a20b6c8d12443 bind-9.4.2_P1-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bind-9.4.2_P1-i486-1_slack12.1.tgz

Then, restart the nameserver:
# /etc/rc.d/rc.bind restart


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



Crytek: No More Crysis Patches
Massive Patch Coming for DNS Vulnerability
samba (SSA:2008-149-01)

This entry was posted on 11:11 PM .