
Debian 4.0 Etch DSA-1617-1 Moderate: Fix For Named_t UDP Binding

July 25, 2008
Debian Security Notice DSA-1618-2 outlines the corrective measures taken regarding sshd processes and their permissions to listen on specific TCP ports following the upgrade.
In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (i...

Summary


Because the Debian refpolicy packages are not yet designed with
policy module upgradeability in mind, and because SELinux-enabled
Debian systems often have some degree of site-specific policy
customization, it is difficult to assure that the new bind policy can
be successfully upgraded. To this end, the package upgrade will not
abort if the bind policy update fails. The new policy module can be
found at /usr/share/selinux/refpolicy-targeted/bind.pp after
installation. Administrators wishing to use the bind service policy
can reconcile any policy incompatibilities and install the upgrade
manually thereafter. A more detailed discussion of the corrective
procedure may be found here:

https://wiki.debian.org/SELinux/Issues/BindPortRandomization

For the stable distribution (etch), this problem has been fixed in
version 0.0.20061018-5.1+etch1. The unstable distribution (sid) is
not affected, as subsequent refpolicy releases have incorporated an
analogous change.
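
One way to check a host against the steps above and load the module by hand, as an added example that is not part of the advisory. The fixed version and module path are taken from the text; the binary package name `selinux-policy-refpolicy-targeted` and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not part of DSA-1617-1). Values marked "advisory" come from
# the page; POLICY_PACKAGE is an assumed binary package name, adjust as needed.
FIXED_VERSION='0.0.20061018-5.1+etch1'                        # advisory
POLICY_MODULE='/usr/share/selinux/refpolicy-targeted/bind.pp' # advisory
POLICY_PACKAGE='selinux-policy-refpolicy-targeted'            # assumption

# module_loaded NAME: reads `semodule -l` output on stdin and succeeds if NAME
# is the first field of any line (older semodule prints "name<TAB>version").
module_loaded() {
    awk -v want="$1" '$1 == want { found = 1 } END { exit !found }'
}

# next_step PKG_FIXED(yes|no) PP_FILE: reads `semodule -l` output on stdin and
# prints the action this host needs.
next_step() {
    loaded=no
    if module_loaded bind; then loaded=yes; fi
    if [ "$1" != yes ]; then
        echo upgrade-package          # fixed refpolicy package not installed
    elif [ ! -f "$2" ]; then
        echo module-file-missing      # package is current but bind.pp is absent
    elif [ "$loaded" = yes ]; then
        echo install-module           # bind policy in use: load the new bind.pp
    else
        echo not-using-bind-policy    # no bind module loaded, nothing to replace
    fi
}

# apply_bind_policy: run as root on the affected host.
apply_bind_policy() {
    installed=$(dpkg-query -W -f='${Version}' "$POLICY_PACKAGE" 2>/dev/null)
    fixed=no
    if dpkg --compare-versions "${installed:-0}" ge "$FIXED_VERSION"; then
        fixed=yes
    fi
    step=$(semodule -l | next_step "$fixed" "$POLICY_MODULE")
    echo "installed=${installed:-none} next step: $step"
    [ "$step" = install-module ] || return 0
    # The package upgrade does not abort when this load fails, so run it by
    # hand and surface the error that has to be reconciled with local policy.
    if ! semodule -i "$POLICY_MODULE"; then
        echo "semodule -i failed: reconcile site policy, then retry" >&2
        return 1
    fi
}

if [ "${1:-}" = "--apply" ]; then apply_bind_policy; fi
```

Run it with `--apply` as root; without the argument it only defines the functions.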

We recommend tha...
