| Description: | Summary:
The remote host is missing an update for the 'bind' package(s) announced via the SSA:2009-210-01 advisory.
Vulnerability Insight:
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
[link moved to references]
ISC has published an announcement here:
[link moved to references]
And CERT has published an advisory here:
[link moved to references]
Here are the details from the Slackware 12.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.4.3_P3-i486-1_slack12.2.tgz: Upgraded.
This BIND update fixes a security problem where a specially crafted
dynamic update message packet will cause named to exit resulting in
a denial of service.
An active remote exploit is in wide circulation at this time.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+
Affected Software/OS:
'bind' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware current.
Solution:
Please install the updated package(s).
CVSS Score:
4.3
CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
