  • [SECURITY] [DSA-2130-1] New BIND packages fix denial of service (1/4)

    From Florian Weimer@1:229/2 to All on Fri Dec 10 21:30:02 2010
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2130-1                    [email protected]
    http://www.debian.org/security/                           Florian Weimer
    December 10, 2010                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : bind9
    Vulnerability : several
    Problem type : remote
    Debian-specific: no
    CVE Id(s) : CVE-2010-3762 CVE-2010-3614 CVE-2010-3613

    Several remote vulnerabilities have been discovered in BIND, an
    implementation of the DNS protocol suite. The Common Vulnerabilities
    and Exposures project identifies the following problems:

    CVE-2010-3762
    When DNSSEC validation is enabled, BIND does not properly
    handle certain bad signatures if multiple trust anchors exist
    for a single zone, which allows remote attackers to cause a
    denial of service (server crash) via a DNS query.

    CVE-2010-3614
    BIND does not properly determine the security status of an NS
    RRset during a DNSKEY algorithm rollover, which may lead to
    zone unavailability during rollovers.

    CVE-2010-3613
    BIND does not properly handle the combination of signed
    negative responses and corresponding RRSIG records in the
    cache, which allows remote attackers to cause a denial of
    service (server crash) via a query for cached data.

    In addition, this security update improves compatibility with
    previously installed versions of the bind9 package. As a result, it
    is necessary to initiate the update with "apt-get dist-upgrade"
    instead of "apt-get update".

    For the stable distribution (lenny), these problems have been fixed in
    version 1:9.6.ESV.R3+dfsg-0+lenny1.

    For the upcoming stable distribution (squeeze) and the unstable
    distribution (sid), these problems have been fixed in version 1:9.7.2.dfsg.P3-1.

    We recommend that you upgrade your bind9 packages.

    Upgrade instructions
    - --------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get dist-upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)