Subject: | |
From: | |
Reply To: | |
Date: | Fri, 11 Jul 2008 15:58:48 -0500 |
Content-Type: | TEXT/PLAIN |
Parts/Attachments: |
|
|
Synopsis: Important: bind security update
CVE Names: CVE-2008-1447
Description:
The DNS protocol protects against spoofing attacks by requiring an attacker
to predict both the DNS transaction ID and UDP source port of a request. In
recent years, a number of papers have found problems with DNS
implementations which make it easier for an attacker to perform DNS
cache-poisoning attacks.
Previous versions of BIND did not use randomized UDP source ports. If an
attacker was able to predict the random DNS transaction ID, this could make
DNS cache-poisoning attacks easier. In order to provide more resilience,
BIND has been updated to use a range of random UDP source ports.
(CVE-2008-1447)
Note: This errata also updates SELinux policy to allow BIND to use random
UDP source ports.
SL 3:
Source:
bind-9.2.4-22.el3.src.rpm
x86_64:
bind-9.2.4-22.el3.x86_64.rpm
bind-chroot-9.2.4-22.el3.x86_64.rpm
bind-devel-9.2.4-22.el3.x86_64.rpm
bind-libs-9.2.4-22.el3.x86_64.rpm
bind-utils-9.2.4-22.el3.x86_64.rpm
SL 4:
Source:
bind-9.2.4-28.0.1.el4.src.rpm
selinux-policy-targeted-1.17.30-2.150.el4.src.rpm
i386:
bind-9.2.4-28.0.1.el4.i386.rpm
bind-chroot-9.2.4-28.0.1.el4.i386.rpm
bind-devel-9.2.4-28.0.1.el4.i386.rpm
bind-libs-9.2.4-28.0.1.el4.i386.rpm
bind-utils-9.2.4-28.0.1.el4.i386.rpm
noarch:
selinux-policy-targeted-1.17.30-2.150.el4.noarch.rpm
selinux-policy-targeted-sources-1.17.30-2.150.el4.noarch.rpm
x86_64:
bind-9.2.4-28.0.1.el4.x86_64.rpm
bind-chroot-9.2.4-28.0.1.el4.x86_64.rpm
bind-devel-9.2.4-28.0.1.el4.x86_64.rpm
bind-libs-9.2.4-28.0.1.el4.i386.rpm
bind-libs-9.2.4-28.0.1.el4.x86_64.rpm
bind-utils-9.2.4-28.0.1.el4.x86_64.rpm
x86_64:
bind-9.2.4-28.0.1.el4.x86_64.rpm
bind-chroot-9.2.4-28.0.1.el4.x86_64.rpm
bind-devel-9.2.4-28.0.1.el4.x86_64.rpm
bind-libs-9.2.4-28.0.1.el4.i386.rpm
bind-libs-9.2.4-28.0.1.el4.x86_64.rpm
bind-utils-9.2.4-28.0.1.el4.x86_64.rpm
SL 5:
Source:
bind-9.3.4-6.0.1.P1.el5_2.src.rpm
selinux-policy-2.4.6-137.1.el5_2.src.rpm
i386:
bind-9.3.4-6.0.1.P1.el5_2.i386.rpm
bind-chroot-9.3.4-6.0.1.P1.el5_2.i386.rpm
bind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
bind-libs-9.3.4-6.0.1.P1.el5_2.i386.rpm
bind-sdb-9.3.4-6.0.1.P1.el5_2.i386.rpm
bind-utils-9.3.4-6.0.1.P1.el5_2.i386.rpm
caching-nameserver-9.3.4-6.0.1.P1.el5_2.i386.rpm
noarch:
selinux-policy-2.4.6-137.1.el5_2.noarch.rpm
selinux-policy-devel-2.4.6-137.1.el5_2.noarch.rpm
selinux-policy-mls-2.4.6-137.1.el5_2.noarch.rpm
selinux-policy-strict-2.4.6-137.1.el5_2.noarch.rpm
selinux-policy-targeted-2.4.6-137.1.el5_2.noarch.rpm
x86_64:
bind-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
bind-chroot-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
bind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
bind-devel-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
bind-libs-9.3.4-6.0.1.P1.el5_2.i386.rpm
bind-libs-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
bind-sdb-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
bind-utils-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
caching-nameserver-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
-Connie Sieh
|
|
|