Description: | Description:
The remote host is missing an update to bind announced via advisory FEDORA-2008-6256.
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses a resolver library (routines for applications to use when interfacing with DNS) and tools for verifying that the DNS server is operating properly.
Update Information:
9.5.0-P1 release which contains fix for CVE-2008-1447. This update also fixes typo in bind-sdb script_summary( and fixes parsing of inner ACLs. ChangeLog:
* Tue Jul 8 2008 Adam Tkac 32:9.5.0-33.P1 - 9.5.0-P1 release (CVE-2008-1447) - fixed typo in bind-sdb script_summary( (#454436) * Wed Jun 18 2008 Adam Tkac 32:9.5.0-32.2 - parse inner acls correctly (#450995) * Thu May 29 2008 Adam Tkac 32:9.5.0-32.1 - 9.5.0 final - bind-9.5-initialize.patch merged to upstream
References:
[ 1 ] Bug #449345 - CVE-2008-1447 implement source UDP port randomization (CERT VU#800113) https://bugzilla.redhat.com/show_bug.cgi?id=449345
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update bind' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-6256
Risk factor : High
CVSS Score: 6.4
|