|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Immunix-announce] Immunix Secured OS 7+ bind update
From: Immunix Security Team (security
immunix.com)
Date: Wed Nov 26 2003 - 17:59:24 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: bind
Affected products: Immunix OS 7+
Bugs fixed: VU#734644 CAN-2003-0914
Date: Mon Oct 27 2003
Advisory ID: IMNX-2003-7+-024-01
Author: Seth Arnold <sarnoldimmunix.com>
-----------------------------------------------------------------------
Description:
A vulnerability has been found in BIND that ".. allows an attacker to
conduct cache poisoning attacks on vulnerable name servers by
convincing the servers to retain invalid negative responses."
Our bind-8.2.3-3.3_imnx_5 packages fix this problem using a patch
derived from the BIND 8.3.7 release. This vulnerability has been named
CAN-2003-0914 by the CVE project.
We'd like to apologize to our US subscribers for the incredibly poor
timing, to release this notice a day before the Thanksgiving holiday.
Our options were limited by ISC, the package maintainer.
References: http://www.kb.cert.org/vuls/id/734644
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0914
Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/bind-8.2.3-3.3_imnx_5.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/bind-devel-8.2.3-3.3_imnx_5.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/bind-utils-8.2.3-3.3_imnx_5.i386.rpm
A source package for Immunix 7+ is available at:
http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/bind-8.2.3-3.3_imnx_5.src.rpm
Immunix OS 7+ md5sums:
8a5874f96e1c76b11c214ab16e1183f4 RPMS/bind-8.2.3-3.3_imnx_5.i386.rpm
83535ea7a69ab222ccf5c8664bfd66b9 RPMS/bind-devel-8.2.3-3.3_imnx_5.i386.rpm
7669fedc653731bf54cc0dd48b258a8f RPMS/bind-utils-8.2.3-3.3_imnx_5.i386.rpm
445c908f0c4daffe0a153bc7e5514a85 SRPMS/bind-8.2.3-3.3_imnx_5.src.rpm
GPG verification:
Our public keys are available at http://download.immunix.org/GPG_KEY
Immunix, Inc., has changed policy with GPG keys. We maintain several
keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
Immunix 7.3 package signing, and 1B7456DA for general security issues.
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact securityimmunix.com.
Immunix attempts to conform to the RFP vulnerability disclosure protocol
http://www.wiretrip.net/rfp/policy.html.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE/xT5an5I6Lxt0VtoRAiJXAKCX1iqoBsICG85qjWmnl8W6N4bybwCg41bO
T2CFURviXae3LlCL213i+dw=
=V+K3
-----END PGP SIGNATURE-----
_______________________________________________
Immunix-announce mailing list
Immunix-announcewirex.com
http://mail.wirex.com/mailman/listinfo/immunix-announce
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]