FS#10880 - Big security issue in DNS protocol. bind must be upgraded.
Attached to Project:
Arch Linux
Opened by Damien Herraud (bapman) - Thursday, 10 July 2008, 16:25 GMT
Last edited by Kevin Piche (kpiche) - Monday, 14 July 2008, 02:07 GMT
Opened by Damien Herraud (bapman) - Thursday, 10 July 2008, 16:25 GMT
Last edited by Kevin Piche (kpiche) - Monday, 14 July 2008, 02:07 GMT
|
Details
Description:
The security issue is described here : http://www.kb.cert.org/vuls/id/800113 or : http://www.isc.org/sw/bind/bind-security.php. bind must be upgraded to 9.5.0-P1 I doubt that anybody uses Arch to run a public DNS server so I didn't put a critical security level ! Note that every DNS server software must be upgraded since the issue is in the DNS protocol, not in the code. I only know bind... Additional info: * package version(s) : bind 9.4.2-1 in Extra and bind 9.5.0-1 in Testing are not up-to-date and so concerned by the security issue. |
This task depends upon
Closed by Kevin Piche (kpiche)
Monday, 14 July 2008, 02:07 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in dnsutils/bind 9.5.0-2
Monday, 14 July 2008, 02:07 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in dnsutils/bind 9.5.0-2
http://www.isc.org/index.pl?/sw/bind/bind-security.php
I didn't even take the time to read the description !
Note that glibc's internal resolver library is based on BIND8 and is also vulnerable to some extent. If traffic between your DNS server in resolv.conf and your box can be spoofed, your machine can suffer from this issue also.