SciLinux: CVE-2008-1447 bind SL 3.0.x , SL 4.x, SL 5.x
Summary
Date: Fri, 11 Jul 2008 15:58:48 -0500Reply-To: Connie SiehSender: Security Errata for Scientific Linux From: Connie Sieh Subject: SECURITY errata for bind on SL 3.0.x , SL 4.x, SL 5.xComments: To: scientific Synopsis: Important: bind security updateCVE Names: CVE-2008-1447Description:The DNS protocol protects against spoofing attacks by requiring an attackerto predict both the DNS transaction ID and UDP source port of a request. Inrecent years, a number of papers have found problems with DNSimplementations which make it easier for an attacker to perform DNScache-poisoning attacks.Previous versions of BIND did not use randomized UDP source ports. If anattacker was able to predict the random DNS transaction ID, this could makeDNS cache-poisoning attacks easier. In order to provide more resilience,BIND has been updated to use a range of random UDP source ports.(CVE-2008-1447)Note: This errata also updates SELinux policy to allow BIND to use randomUDP source ports.SL 3:Source: bind-9.2.4-22.el3.src.rpmx86_64: bind-9.2.4-22.el3.x86_64.rpm bind-chroot-9.2.4-22.el3.x86_64.rpm bind-devel-9.2.4-22.el3.x86_64.rpm bind-libs-9.2.4-22.el3.x86_64.rpm bind-utils-9.2.4-22.el3.x86_64.rpmSL 4:Source: bind-9.2.4-28.0.1.el4.src.rpm selinux-policy-targeted-1.17.30-2.150.el4.src.rpmi386: bind-9.2.4-28.0.1.el4.i386.rpm bind-chroot-9.2.4-28.0.1.el4.i386.rpm bind-devel-9.2.4-28.0.1.el4.i386.rpm bind-libs-9.2.4-28.0.1.el4.i386.rpm bind-utils-9.2.4-28.0.1.el4.i386.rpmnoarch: selinux-policy-targeted-1.17.30-2.150.el4.noarch.rpm selinux-policy-targeted-sources-1.17.30-2.150.el4.noarch.rpmx86_64: bind-9.2.4-28.0.1.el4.x86_64.rpm bind-chroot-9.2.4-28.0.1.el4.x86_64.rpm bind-devel-9.2.4-28.0.1.el4.x86_64.rpm bind-libs-9.2.4-28.0.1.el4.i386.rpm bind-libs-9.2.4-28.0.1.el4.x86_64.rpm bind-utils-9.2.4-28.0.1.el4.x86_64.rpmx86_64: bind-9.2.4-28.0.1.el4.x86_64.rpm bind-chroot-9.2.4-28.0.1.el4.x86_64.rpm bind-devel-9.2.4-28.0.1.el4.x86_64.rpm bind-libs-9.2.4-28.0.1.el4.i386.rpm bind-libs-9.2.4-28.0.1.el4.x86_64.rpm bind-utils-9.2.4-28.0.1.el4.x86_64.rpmSL 5:Source: bind-9.3.4-6.0.1.P1.el5_2.src.rpm selinux-policy-2.4.6-137.1.el5_2.src.rpmi386: bind-9.3.4-6.0.1.P1.el5_2.i386.rpm bind-chroot-9.3.4-6.0.1.P1.el5_2.i386.rpm bind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm bind-libs-9.3.4-6.0.1.P1.el5_2.i386.rpm bind-sdb-9.3.4-6.0.1.P1.el5_2.i386.rpm bind-utils-9.3.4-6.0.1.P1.el5_2.i386.rpm caching-nameserver-9.3.4-6.0.1.P1.el5_2.i386.rpmnoarch: selinux-policy-2.4.6-137.1.el5_2.noarch.rpm selinux-policy-devel-2.4.6-137.1.el5_2.noarch.rpm selinux-policy-mls-2.4.6-137.1.el5_2.noarch.rpm selinux-policy-strict-2.4.6-137.1.el5_2.noarch.rpm selinux-policy-targeted-2.4.6-137.1.el5_2.noarch.rpmx86_64: bind-9.3.4-6.0.1.P1.el5_2.x86_64.rpm bind-chroot-9.3.4-6.0.1.P1.el5_2.x86_64.rpm bind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm bind-devel-9.3.4-6.0.1.P1.el5_2.x86_64.rpm bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.x86_64.rpm bind-libs-9.3.4-6.0.1.P1.el5_2.i386.rpm bind-libs-9.3.4-6.0.1.P1.el5_2.x86_64.rpm bind-sdb-9.3.4-6.0.1.P1.el5_2.x86_64.rpm bind-utils-9.3.4-6.0.1.P1.el5_2.x86_64.rpm caching-nameserver-9.3.4-6.0.1.P1.el5_2.x86_64.rpm-Connie Sieh