Mandriva

Package name bind Date September 8th, 2006 Advisory ID MDKSA-2006:163 Affected versions CS3.0, MNF2.0, 2006.0 Synopsis Updated bind packages fix DoS vulnerabilities

Problem Description

A vulnerability in BIND was discovered where it did not sufficiently
verify particular requests and responses from other name servers and
users. This could be exploited by sending a specially crafted packet
to crash the name server.

Updated packages have been patched to address these issues.

Updated Packages

Corporate Server 3.0

 266e42515e70f0f18c52c0995e373734  corporate/3.0/RPMS/bind-9.2.3-6.1.C30mdk.i586.rpm
 cc4cff0ef231e51c91a4a8a5b7fcc1ab  corporate/3.0/RPMS/bind-devel-9.2.3-6.1.C30mdk.i586.rpm
 8646f8d5e9e5b4a0bb5c647634c9a505  corporate/3.0/RPMS/bind-utils-9.2.3-6.1.C30mdk.i586.rpm
 3eeb44b4945e7ddc8a88c8face7ad8ee  corporate/3.0/SRPMS/bind-9.2.3-6.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 5074018335e826c9f144c32bae33d1a1  x86_64/corporate/3.0/RPMS/bind-9.2.3-6.1.C30mdk.x86_64.rpm
 457f01b9c2fb71e52d5fda98d39e6a50  x86_64/corporate/3.0/RPMS/bind-devel-9.2.3-6.1.C30mdk.x86_64.rpm
 e1bd6a27addb41c1f40751eda2b97b39  x86_64/corporate/3.0/RPMS/bind-utils-9.2.3-6.1.C30mdk.x86_64.rpm
 3eeb44b4945e7ddc8a88c8face7ad8ee  x86_64/corporate/3.0/SRPMS/bind-9.2.3-6.1.C30mdk.src.rpm

Multi Network Firewall 2.0

 73a6f4e4b2b88017aab39159930b951c  mnf/2.0/RPMS/bind-9.2.3-6.1.M20mdk.i586.rpm
 f061e1e2fee72bc8e354fe9de6a28999  mnf/2.0/RPMS/bind-utils-9.2.3-6.1.M20mdk.i586.rpm
 889150fc6c3befeb2c6b0f06b266d276  mnf/2.0/SRPMS/bind-9.2.3-6.1.M20mdk.src.rpm

Mandriva Linux 2006

 f14e95ff19bfa75c7929ee3b21798a95  2006.0/RPMS/bind-9.3.1-4.1.20060mdk.i586.rpm
 38f966e11d12de632500bfd2800c1623  2006.0/RPMS/bind-devel-9.3.1-4.1.20060mdk.i586.rpm
 198704fc19b3e67915d77f97cf419b48  2006.0/RPMS/bind-utils-9.3.1-4.1.20060mdk.i586.rpm
 152c8a9ecbe966090d662b1846bfe60e  2006.0/SRPMS/bind-9.3.1-4.1.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 4643bbda03257d26c1f1357d583d9874  x86_64/2006.0/RPMS/bind-9.3.1-4.1.20060mdk.x86_64.rpm
 644fd85e5ba97de405a2fad3104160ef  x86_64/2006.0/RPMS/bind-devel-9.3.1-4.1.20060mdk.x86_64.rpm
 38b5633ab5f389a3a7d016bad9e8aed5  x86_64/2006.0/RPMS/bind-utils-9.3.1-4.1.20060mdk.x86_64.rpm
 152c8a9ecbe966090d662b1846bfe60e  x86_64/2006.0/SRPMS/bind-9.3.1-4.1.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm
                

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.