Test Kennung:	1.3.6.1.4.1.25623.1.0.71984
Kategorie:	Slackware Local Security Checks
Titel:	Slackware: Security Advisory (SSA:2012-166-01)
Zusammenfassung:	The remote host is missing an update for the 'bind' package(s) announced via the SSA:2012-166-01 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'bind' package(s) announced via the SSA:2012-166-01 advisory. Vulnerability Insight: New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ This release fixes an issue that could crash BIND, leading to a denial of service. It also fixes the so-called 'ghost names attack' whereby a remote attacker may trigger continued resolvability of revoked domain names. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ On Slackware 8.1, only CVE-2012-1667 was patched (see ChangeLog). IMPORTANT NOTE FOR ON SLACKWARE 9.0 - 13.1: These versions were upgraded with a new version of BIND, _not_ a patched one. It is likely to be more strict about the correctness of configuration files. Care should be taken about deploying this upgrade on production servers to avoid an unintended interruption of service. Affected Software/OS: 'bind' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware current. Solution: Please install the updated package(s). CVSS Score: 8.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1033 BugTraq ID: 51898 http://www.securityfocus.com/bid/51898 CERT/CC vulnerability note: VU#542123 http://www.kb.cert.org/vuls/id/542123 HPdes Security Advisory: HPSBUX02835 http://marc.info/?l=bugtraq&m=135638082529878&w=2 HPdes Security Advisory: SSRT100763 http://osvdb.org/78916 RedHat Security Advisories: RHSA-2012:0717 http://rhn.redhat.com/errata/RHSA-2012-0717.html http://www.securitytracker.com/id?1026647 http://secunia.com/advisories/47884 SuSE Security Announcement: openSUSE-SU-2012:0863 (Google Search) https://hermes.opensuse.org/messages/15136456 SuSE Security Announcement: openSUSE-SU-2012:0864 (Google Search) https://hermes.opensuse.org/messages/15136477 XForce ISS Database: isc-bind-update-sec-bypass(73053) https://exchange.xforce.ibmcloud.com/vulnerabilities/73053 Common Vulnerability Exposure (CVE) ID: CVE-2012-1667 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html BugTraq ID: 53772 http://www.securityfocus.com/bid/53772 CERT/CC vulnerability note: VU#381699 http://www.kb.cert.org/vuls/id/381699 Debian Security Information: DSA-2486 (Google Search) http://www.debian.org/security/2012/dsa-2486 HPdes Security Advisory: HPSBUX02795 http://marc.info/?l=bugtraq&m=134132772016230&w=2 HPdes Security Advisory: SSRT100878 http://www.mandriva.com/security/advisories?name=MDVSA-2012:089 RedHat Security Advisories: RHSA-2012:1110 http://rhn.redhat.com/errata/RHSA-2012-1110.html http://secunia.com/advisories/51096 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004 SuSE Security Announcement: SUSE-SU-2012:0741 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00010.html SuSE Security Announcement: openSUSE-SU-2012:0722 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00005.html
Copyright	Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.