Subject: | |
From: | |
Reply To: | |
Date: | Tue, 15 Jul 2008 15:53:24 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
The rpm's are now up for SL 3.0.x
For SL 5.x there was a quickfix. Different than a fastbug, this is more of a
"oops, we didn't mean to do that." It is going out tonight as well.
SL 5.x
We have updated the Scientific Linux 5 packages in this advisory. The
default and sample caching-nameserver configuration files have been updated
so that they do not specify a fixed query-source port. Administrators
wishing to take advantage of randomized UDP source ports should check their
configuration file to ensure they have not specified fixed query-source ports.
SRPMS:
bind-9.3.4-6.0.2.P1.el5_2.src.rpm
i386:
bind-9.3.4-6.0.2.P1.el5_2.i386.rpm
bind-chroot-9.3.4-6.0.2.P1.el5_2.i386.rpm
bind-devel-9.3.4-6.0.2.P1.el5_2.i386.rpm
bind-libbind-devel-9.3.4-6.0.2.P1.el5_2.i386.rpm
bind-libs-9.3.4-6.0.2.P1.el5_2.i386.rpm
bind-sdb-9.3.4-6.0.2.P1.el5_2.i386.rpm
bind-utils-9.3.4-6.0.2.P1.el5_2.i386.rpm
caching-nameserver-9.3.4-6.0.2.P1.el5_2.i386.rpm
x86_64:
bind-9.3.4-6.0.2.P1.el5_2.x86_64.rpm
bind-chroot-9.3.4-6.0.2.P1.el5_2.x86_64.rpm
bind-devel-9.3.4-6.0.2.P1.el5_2.i386.rpm
bind-devel-9.3.4-6.0.2.P1.el5_2.x86_64.rpm
bind-libbind-devel-9.3.4-6.0.2.P1.el5_2.i386.rpm
bind-libbind-devel-9.3.4-6.0.2.P1.el5_2.x86_64.rpm
bind-libs-9.3.4-6.0.2.P1.el5_2.i386.rpm
bind-libs-9.3.4-6.0.2.P1.el5_2.x86_64.rpm
bind-sdb-9.3.4-6.0.2.P1.el5_2.x86_64.rpm
bind-utils-9.3.4-6.0.2.P1.el5_2.x86_64.rpm
caching-nameserver-9.3.4-6.0.2.P1.el5_2.x86_64.rpm
Troy
Connie Sieh wrote:
> Synopsis: Important: bind security update
> CVE Names: CVE-2008-1447
> Description:
>
> The DNS protocol protects against spoofing attacks by requiring an attacker
> to predict both the DNS transaction ID and UDP source port of a request. In
> recent years, a number of papers have found problems with DNS
> implementations which make it easier for an attacker to perform DNS
> cache-poisoning attacks.
>
> Previous versions of BIND did not use randomized UDP source ports. If an
> attacker was able to predict the random DNS transaction ID, this could make
> DNS cache-poisoning attacks easier. In order to provide more resilience,
> BIND has been updated to use a range of random UDP source ports.
> (CVE-2008-1447)
>
> Note: This errata also updates SELinux policy to allow BIND to use random
> UDP source ports.
>
> SL 3:
>
> Source:
> bind-9.2.4-22.el3.src.rpm
>
> x86_64:
> bind-9.2.4-22.el3.x86_64.rpm
> bind-chroot-9.2.4-22.el3.x86_64.rpm
> bind-devel-9.2.4-22.el3.x86_64.rpm
> bind-libs-9.2.4-22.el3.x86_64.rpm
> bind-utils-9.2.4-22.el3.x86_64.rpm
>
> SL 4:
>
> Source:
> bind-9.2.4-28.0.1.el4.src.rpm
> selinux-policy-targeted-1.17.30-2.150.el4.src.rpm
>
> i386:
> bind-9.2.4-28.0.1.el4.i386.rpm
> bind-chroot-9.2.4-28.0.1.el4.i386.rpm
> bind-devel-9.2.4-28.0.1.el4.i386.rpm
> bind-libs-9.2.4-28.0.1.el4.i386.rpm
> bind-utils-9.2.4-28.0.1.el4.i386.rpm
>
> noarch:
> selinux-policy-targeted-1.17.30-2.150.el4.noarch.rpm
> selinux-policy-targeted-sources-1.17.30-2.150.el4.noarch.rpm
>
> x86_64:
> bind-9.2.4-28.0.1.el4.x86_64.rpm
> bind-chroot-9.2.4-28.0.1.el4.x86_64.rpm
> bind-devel-9.2.4-28.0.1.el4.x86_64.rpm
> bind-libs-9.2.4-28.0.1.el4.i386.rpm
> bind-libs-9.2.4-28.0.1.el4.x86_64.rpm
> bind-utils-9.2.4-28.0.1.el4.x86_64.rpm
>
> x86_64:
> bind-9.2.4-28.0.1.el4.x86_64.rpm
> bind-chroot-9.2.4-28.0.1.el4.x86_64.rpm
> bind-devel-9.2.4-28.0.1.el4.x86_64.rpm
> bind-libs-9.2.4-28.0.1.el4.i386.rpm
> bind-libs-9.2.4-28.0.1.el4.x86_64.rpm
> bind-utils-9.2.4-28.0.1.el4.x86_64.rpm
>
> SL 5:
>
> Source:
> bind-9.3.4-6.0.1.P1.el5_2.src.rpm
> selinux-policy-2.4.6-137.1.el5_2.src.rpm
>
> i386:
> bind-9.3.4-6.0.1.P1.el5_2.i386.rpm
> bind-chroot-9.3.4-6.0.1.P1.el5_2.i386.rpm
> bind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
> bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
> bind-libs-9.3.4-6.0.1.P1.el5_2.i386.rpm
> bind-sdb-9.3.4-6.0.1.P1.el5_2.i386.rpm
> bind-utils-9.3.4-6.0.1.P1.el5_2.i386.rpm
> caching-nameserver-9.3.4-6.0.1.P1.el5_2.i386.rpm
>
> noarch:
> selinux-policy-2.4.6-137.1.el5_2.noarch.rpm
> selinux-policy-devel-2.4.6-137.1.el5_2.noarch.rpm
> selinux-policy-mls-2.4.6-137.1.el5_2.noarch.rpm
> selinux-policy-strict-2.4.6-137.1.el5_2.noarch.rpm
> selinux-policy-targeted-2.4.6-137.1.el5_2.noarch.rpm
>
> x86_64:
> bind-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
> bind-chroot-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
> bind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
> bind-devel-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
> bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
> bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
> bind-libs-9.3.4-6.0.1.P1.el5_2.i386.rpm
> bind-libs-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
> bind-sdb-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
> bind-utils-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
> caching-nameserver-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
>
> -Connie Sieh
--
__________________________________________________
Troy Dawson [log in to unmask] (630)840-6468
Fermilab ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
|
|
|