English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 150599 CVE descriptions
and 73533 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0061

Package name:      bind
Summary:           Minor security issue
Date:              2002-07-15
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
  From CERT Advisory CA-2002-19:
  "A buffer overflow vulnerability exists in multiple implementations
  of DNS resolver libraries.  Operating systems and applications that
  utilize vulnerable DNS resolver libraries may be affected.  A remote
  attacker who is able to send malicious DNS responses could potentially
  exploit this vulnerability to execute arbitrary code or cause a denial
  of service on a vulnerable system."

  As the named daemon is not vulnerable to this problem, we don't consider
  this bug to be critical. Nevertheless we have chosen to upgrade.

Action:
  We recommend that all systems with this package installed are upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0061-bind.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------
b497f251e91175754f1eaf11157f445c  ./1.5/SRPMS/bind-8.2.6-1tr.src.rpm
d00de9cc58d179d1aea5a2a76f1f3369  ./1.5/RPMS/bind-utils-8.2.6-1tr.i586.rpm
646eabafe4c77ed3b60ebb1d2e3e0292  ./1.5/RPMS/bind-devel-8.2.6-1tr.i586.rpm
25ab9b38033cdff4b4236340dd9dbb8e  ./1.5/RPMS/bind-8.2.6-1tr.i586.rpm
b497f251e91175754f1eaf11157f445c  ./1.2/SRPMS/bind-8.2.6-1tr.src.rpm
5288043ec9c0296c8b4c3040ef66532e  ./1.2/RPMS/bind-utils-8.2.6-1tr.i586.rpm
09d32b2fbe94c3809ff7e3badae4fc4c  ./1.2/RPMS/bind-devel-8.2.6-1tr.i586.rpm
acc648a2ccb2a1f63f06bab5585255bb  ./1.2/RPMS/bind-8.2.6-1tr.i586.rpm
b497f251e91175754f1eaf11157f445c  ./1.1/SRPMS/bind-8.2.6-1tr.src.rpm
b57143e19f81f1025be7606704959c29  ./1.1/RPMS/bind-utils-8.2.6-1tr.i586.rpm
23372c6af2ba3669451db4af4b6abb62  ./1.1/RPMS/bind-devel-8.2.6-1tr.i586.rpm
4257a9b081825e54e9495ae1e03ef582  ./1.1/RPMS/bind-8.2.6-1tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9Mqz/wRTcg4BxxS0RAonPAJ9n4XasuF854p12meU0vNG0NUUgVwCcDjG1
RHVvr0nVREyD/uXnZ+DE/BE=
=tScV
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.