Date: Thu, 25 Jan 2007 18:16:05 -0500
From: rPath Update Announcements <announce-noreply@rpath.com.>
To: [email protected],
Subject: rPSA-2007-0021-1 bind bind-utils
Message-ID: <45b93a35.XepKpR+dn9c0ABCG%[email protected]>
User-Agent: nail 11.22 3/20/05
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru
rPath Security Advisory: 2007-0021-1
Published: 2007-01-25
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Remote Deterministic Denial of Service
Updated Versions:
bind=/conary.rpath.com@rpl:devel//1/9.3.4-0.1-1
bind-utils=/conary.rpath.com@rpl:devel//1/9.3.4-0.1-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
https://issues.rpath.com/browse/RPL-989
Description:
Previous versions of the bind package are vulnerable to two remote
denial of service attacks in which attackers can cause the bind
daemon to to crash or exit unexpectedly by providing malformed
data to the daemon in a DNS request.
