Slackware Local Security Checks : Slackware: Security Advisory (SSA:2009-336-01)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66461

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2009-336-01)

Resumen: The remote host is missing an update for the 'bind' package(s) announced via the SSA:2009-336-01 advisory.

Descripción: Summary:
The remote host is missing an update for the 'bind' package(s) announced via the SSA:2009-336-01 advisory.

Vulnerability Insight:
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue.

More details about this issue may be found here:
[links moved to references]

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
Wed Dec 2 20:51:55 UTC 2009
patches/packages/bind-9.4.3_P4-i486-1_slack13.0.txz: Upgraded.
BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3-P3. It addresses a
potential cache poisoning vulnerability, in which data in the additional
section of a response could be cached without proper DNSSEC validation.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'bind' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
2.6

CVSS Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4022
1021660
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1
1021798
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
37118
http://www.securityfocus.com/bid/37118
37426
http://secunia.com/advisories/37426
37491
http://secunia.com/advisories/37491
38219
http://secunia.com/advisories/38219
38240
http://secunia.com/advisories/38240
38794
http://secunia.com/advisories/38794
38834
http://secunia.com/advisories/38834
39334
http://secunia.com/advisories/39334
40730
http://secunia.com/advisories/40730
60493
http://osvdb.org/60493
ADV-2009-3335
http://www.vupen.com/english/advisories/2009/3335
ADV-2010-0176
http://www.vupen.com/english/advisories/2010/0176
ADV-2010-0528
http://www.vupen.com/english/advisories/2010/0528
ADV-2010-0622
http://www.vupen.com/english/advisories/2010/0622
APPLE-SA-2011-10-12-3
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
FEDORA-2009-12218
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html
FEDORA-2009-12233
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html
IZ68597
http://www.ibm.com/support/docview.wss?uid=isg1IZ68597
IZ71667
http://www.ibm.com/support/docview.wss?uid=isg1IZ71667
IZ71774
http://www.ibm.com/support/docview.wss?uid=isg1IZ71774
MDVSA-2009:304
http://www.mandriva.com/security/advisories?name=MDVSA-2009:304
RHSA-2009:1620
http://www.redhat.com/support/errata/RHSA-2009-1620.html
USN-888-1
http://www.ubuntu.com/usn/USN-888-1
VU#418861
http://www.kb.cert.org/vuls/id/418861
[oss-security] 20091124 CVE request: BIND 9 bug involving DNSSEC and the additional section
http://www.openwall.com/lists/oss-security/2009/11/24/2
[oss-security] 20091124 Re: a new bind issue
http://www.openwall.com/lists/oss-security/2009/11/24/8
[oss-security] 20091124 a new bind issue
http://www.openwall.com/lists/oss-security/2009/11/24/1
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
bind-dnssec-cache-poisoning(54416)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54416
ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc
http://support.apple.com/kb/HT5002
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
https://bugzilla.redhat.com/show_bug.cgi?id=538744
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
https://issues.rpath.com/browse/RPL-3152
https://www.isc.org/advisories/CVE-2009-4022v6
https://www.isc.org/advisories/CVE2009-4022
oval:org.mitre.oval:def:10821
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821
oval:org.mitre.oval:def:11745
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745
oval:org.mitre.oval:def:7261
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261
oval:org.mitre.oval:def:7459
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66461
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2009-336-01)
Resumen:	The remote host is missing an update for the 'bind' package(s) announced via the SSA:2009-336-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'bind' package(s) announced via the SSA:2009-336-01 advisory. Vulnerability Insight: New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. More details about this issue may be found here: [links moved to references] Here are the details from the Slackware 13.0 ChangeLog: +--------------------------+ Wed Dec 2 20:51:55 UTC 2009 patches/packages/bind-9.4.3_P4-i486-1_slack13.0.txz: Upgraded. BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3-P3. It addresses a potential cache poisoning vulnerability, in which data in the additional section of a response could be cached without proper DNSSEC validation. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'bind' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4022 1021660 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1 1021798 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1 37118 http://www.securityfocus.com/bid/37118 37426 http://secunia.com/advisories/37426 37491 http://secunia.com/advisories/37491 38219 http://secunia.com/advisories/38219 38240 http://secunia.com/advisories/38240 38794 http://secunia.com/advisories/38794 38834 http://secunia.com/advisories/38834 39334 http://secunia.com/advisories/39334 40730 http://secunia.com/advisories/40730 60493 http://osvdb.org/60493 ADV-2009-3335 http://www.vupen.com/english/advisories/2009/3335 ADV-2010-0176 http://www.vupen.com/english/advisories/2010/0176 ADV-2010-0528 http://www.vupen.com/english/advisories/2010/0528 ADV-2010-0622 http://www.vupen.com/english/advisories/2010/0622 APPLE-SA-2011-10-12-3 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html FEDORA-2009-12218 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html FEDORA-2009-12233 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html IZ68597 http://www.ibm.com/support/docview.wss?uid=isg1IZ68597 IZ71667 http://www.ibm.com/support/docview.wss?uid=isg1IZ71667 IZ71774 http://www.ibm.com/support/docview.wss?uid=isg1IZ71774 MDVSA-2009:304 http://www.mandriva.com/security/advisories?name=MDVSA-2009:304 RHSA-2009:1620 http://www.redhat.com/support/errata/RHSA-2009-1620.html USN-888-1 http://www.ubuntu.com/usn/USN-888-1 VU#418861 http://www.kb.cert.org/vuls/id/418861 [oss-security] 20091124 CVE request: BIND 9 bug involving DNSSEC and the additional section http://www.openwall.com/lists/oss-security/2009/11/24/2 [oss-security] 20091124 Re: a new bind issue http://www.openwall.com/lists/oss-security/2009/11/24/8 [oss-security] 20091124 a new bind issue http://www.openwall.com/lists/oss-security/2009/11/24/1 [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://lists.vmware.com/pipermail/security-announce/2010/000082.html bind-dnssec-cache-poisoning(54416) https://exchange.xforce.ibmcloud.com/vulnerabilities/54416 ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc http://support.apple.com/kb/HT5002 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 https://bugzilla.redhat.com/show_bug.cgi?id=538744 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488 https://issues.rpath.com/browse/RPL-3152 https://www.isc.org/advisories/CVE-2009-4022v6 https://www.isc.org/advisories/CVE2009-4022 oval:org.mitre.oval:def:10821 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821 oval:org.mitre.oval:def:11745 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745 oval:org.mitre.oval:def:7261 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261 oval:org.mitre.oval:def:7459 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459
Copyright	Copyright (C) 2012 Greenbone AG