What Are You Looking For?

Sign Up
Date:         Fri, 11 Jul 2008 15:58:48 -0500
Reply-To:     Connie Sieh 
Sender:       Security Errata for Scientific Linux
              
From:         Connie Sieh 
Subject:      SECURITY errata for bind on SL 3.0.x , SL 4.x, SL 5.x
Comments: To: scientific 

Synopsis:          Important: bind security update
CVE Names:         CVE-2008-1447
Description:

The DNS protocol protects against spoofing attacks by requiring an attacker
to predict both the DNS transaction ID and UDP source port of a request. In
recent years, a number of papers have found problems with DNS
implementations which make it easier for an attacker to perform DNS
cache-poisoning attacks.

Previous versions of BIND did not use randomized UDP source ports. If an
attacker was able to predict the random DNS transaction ID, this could make
DNS cache-poisoning attacks easier. In order to provide more resilience,
BIND has been updated to use a range of random UDP source ports.
(CVE-2008-1447)

Note: This errata also updates SELinux policy to allow BIND to use random
UDP source ports.

SL 3:

Source:
 	bind-9.2.4-22.el3.src.rpm

x86_64:
 	bind-9.2.4-22.el3.x86_64.rpm
 	bind-chroot-9.2.4-22.el3.x86_64.rpm
 	bind-devel-9.2.4-22.el3.x86_64.rpm
 	bind-libs-9.2.4-22.el3.x86_64.rpm
 	bind-utils-9.2.4-22.el3.x86_64.rpm

SL 4:

Source:
 	bind-9.2.4-28.0.1.el4.src.rpm
 	selinux-policy-targeted-1.17.30-2.150.el4.src.rpm

i386:
 	bind-9.2.4-28.0.1.el4.i386.rpm
 	bind-chroot-9.2.4-28.0.1.el4.i386.rpm
 	bind-devel-9.2.4-28.0.1.el4.i386.rpm
 	bind-libs-9.2.4-28.0.1.el4.i386.rpm
 	bind-utils-9.2.4-28.0.1.el4.i386.rpm

noarch:
 	selinux-policy-targeted-1.17.30-2.150.el4.noarch.rpm
 	selinux-policy-targeted-sources-1.17.30-2.150.el4.noarch.rpm

x86_64:
 	bind-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-chroot-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-devel-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-libs-9.2.4-28.0.1.el4.i386.rpm
 	bind-libs-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-utils-9.2.4-28.0.1.el4.x86_64.rpm

x86_64:
 	bind-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-chroot-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-devel-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-libs-9.2.4-28.0.1.el4.i386.rpm
 	bind-libs-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-utils-9.2.4-28.0.1.el4.x86_64.rpm

SL 5:

Source:
 	bind-9.3.4-6.0.1.P1.el5_2.src.rpm
 	selinux-policy-2.4.6-137.1.el5_2.src.rpm

i386:
 	bind-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-chroot-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-libs-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-sdb-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-utils-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	caching-nameserver-9.3.4-6.0.1.P1.el5_2.i386.rpm

noarch:
 	selinux-policy-2.4.6-137.1.el5_2.noarch.rpm
 	selinux-policy-devel-2.4.6-137.1.el5_2.noarch.rpm
 	selinux-policy-mls-2.4.6-137.1.el5_2.noarch.rpm
 	selinux-policy-strict-2.4.6-137.1.el5_2.noarch.rpm
 	selinux-policy-targeted-2.4.6-137.1.el5_2.noarch.rpm

x86_64:
 	bind-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-chroot-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-devel-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-libs-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-libs-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-sdb-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-utils-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	caching-nameserver-9.3.4-6.0.1.P1.el5_2.x86_64.rpm

-Connie Sieh

SciLinux: CVE-2008-1447 bind SL 3.0.x , SL 4.x, SL 5.x

Important: bind security update

Summary

Date:         Fri, 11 Jul 2008 15:58:48 -0500Reply-To:     Connie Sieh Sender:       Security Errata for Scientific Linux              From:         Connie Sieh Subject:      SECURITY errata for bind on SL 3.0.x , SL 4.x, SL 5.xComments: To: scientific Synopsis:          Important: bind security updateCVE Names:         CVE-2008-1447Description:The DNS protocol protects against spoofing attacks by requiring an attackerto predict both the DNS transaction ID and UDP source port of a request. Inrecent years, a number of papers have found problems with DNSimplementations which make it easier for an attacker to perform DNScache-poisoning attacks.Previous versions of BIND did not use randomized UDP source ports. If anattacker was able to predict the random DNS transaction ID, this could makeDNS cache-poisoning attacks easier. In order to provide more resilience,BIND has been updated to use a range of random UDP source ports.(CVE-2008-1447)Note: This errata also updates SELinux policy to allow BIND to use randomUDP source ports.SL 3:Source: 	bind-9.2.4-22.el3.src.rpmx86_64: 	bind-9.2.4-22.el3.x86_64.rpm 	bind-chroot-9.2.4-22.el3.x86_64.rpm 	bind-devel-9.2.4-22.el3.x86_64.rpm 	bind-libs-9.2.4-22.el3.x86_64.rpm 	bind-utils-9.2.4-22.el3.x86_64.rpmSL 4:Source: 	bind-9.2.4-28.0.1.el4.src.rpm 	selinux-policy-targeted-1.17.30-2.150.el4.src.rpmi386: 	bind-9.2.4-28.0.1.el4.i386.rpm 	bind-chroot-9.2.4-28.0.1.el4.i386.rpm 	bind-devel-9.2.4-28.0.1.el4.i386.rpm 	bind-libs-9.2.4-28.0.1.el4.i386.rpm 	bind-utils-9.2.4-28.0.1.el4.i386.rpmnoarch: 	selinux-policy-targeted-1.17.30-2.150.el4.noarch.rpm 	selinux-policy-targeted-sources-1.17.30-2.150.el4.noarch.rpmx86_64: 	bind-9.2.4-28.0.1.el4.x86_64.rpm 	bind-chroot-9.2.4-28.0.1.el4.x86_64.rpm 	bind-devel-9.2.4-28.0.1.el4.x86_64.rpm 	bind-libs-9.2.4-28.0.1.el4.i386.rpm 	bind-libs-9.2.4-28.0.1.el4.x86_64.rpm 	bind-utils-9.2.4-28.0.1.el4.x86_64.rpmx86_64: 	bind-9.2.4-28.0.1.el4.x86_64.rpm 	bind-chroot-9.2.4-28.0.1.el4.x86_64.rpm 	bind-devel-9.2.4-28.0.1.el4.x86_64.rpm 	bind-libs-9.2.4-28.0.1.el4.i386.rpm 	bind-libs-9.2.4-28.0.1.el4.x86_64.rpm 	bind-utils-9.2.4-28.0.1.el4.x86_64.rpmSL 5:Source: 	bind-9.3.4-6.0.1.P1.el5_2.src.rpm 	selinux-policy-2.4.6-137.1.el5_2.src.rpmi386: 	bind-9.3.4-6.0.1.P1.el5_2.i386.rpm 	bind-chroot-9.3.4-6.0.1.P1.el5_2.i386.rpm 	bind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm 	bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm 	bind-libs-9.3.4-6.0.1.P1.el5_2.i386.rpm 	bind-sdb-9.3.4-6.0.1.P1.el5_2.i386.rpm 	bind-utils-9.3.4-6.0.1.P1.el5_2.i386.rpm 	caching-nameserver-9.3.4-6.0.1.P1.el5_2.i386.rpmnoarch: 	selinux-policy-2.4.6-137.1.el5_2.noarch.rpm 	selinux-policy-devel-2.4.6-137.1.el5_2.noarch.rpm 	selinux-policy-mls-2.4.6-137.1.el5_2.noarch.rpm 	selinux-policy-strict-2.4.6-137.1.el5_2.noarch.rpm 	selinux-policy-targeted-2.4.6-137.1.el5_2.noarch.rpmx86_64: 	bind-9.3.4-6.0.1.P1.el5_2.x86_64.rpm 	bind-chroot-9.3.4-6.0.1.P1.el5_2.x86_64.rpm 	bind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm 	bind-devel-9.3.4-6.0.1.P1.el5_2.x86_64.rpm 	bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm 	bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.x86_64.rpm 	bind-libs-9.3.4-6.0.1.P1.el5_2.i386.rpm 	bind-libs-9.3.4-6.0.1.P1.el5_2.x86_64.rpm 	bind-sdb-9.3.4-6.0.1.P1.el5_2.x86_64.rpm 	bind-utils-9.3.4-6.0.1.P1.el5_2.x86_64.rpm 	caching-nameserver-9.3.4-6.0.1.P1.el5_2.x86_64.rpm-Connie Sieh



Security Fixes

Severity

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo