Upstream has issued an advisory today (January 13):
https://kb.isc.org/article/AA-01078

Updated packages uploaded for Mageia 3 and Cauldron (by Oden).

Advisory:
========================

Updated bind packages fix security vulnerability:

Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. By exploiting this defect an attacker deliberately constructing a query with the right properties could achieve denial of service against an authoritative nameserver serving NSEC3-signed zones (CVE-2014-0591).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591
https://kb.isc.org/article/AA-01078
https://kb.isc.org/article/AA-01080
========================

Updated packages in core/updates_testing:
========================
bind-9.9.4.P2-1.mga3
bind-sdb-9.9.4.P2-1.mga3
bind-utils-9.9.4.P2-1.mga3
bind-devel-9.9.4.P2-1.mga3
bind-doc-9.9.4.P2-1.mga3

from bind-9.9.4.P2-1.mga3.src.rpm
Ubuntu has issued an advisory for this on January 13: http://www.ubuntu.com/usn/usn-2081-1/
URL: (none) => http://lwn.net/Vulnerabilities/580403/
Working on it
CC: (none) => ennael1
Tested it here both on i586 and x86_64. Update of the package went smoothly. named was restarted properly. I used the default server in resolv.conf and tested host lookup. No problem there, no regression.
Whiteboard: (none) => mga3-32-ok, mga3-32-ok
Update validated. Thanks.

Advisory:

Updated bind packages fix security vulnerability:

Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. By exploiting this defect an attacker deliberately constructing a query with the right properties could achieve denial of service against an authoritative nameserver serving NSEC3-signed zones (CVE-2014-0591).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591
https://kb.isc.org/article/AA-01078
https://kb.isc.org/article/AA-01080

SRPM: bind-9.9.4.P2-1.mga3.src.rpm

Could sysadmin please push from core/updates_testing to core/updates.

Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0013.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Whiteboard: mga3-32-ok, mga3-32-ok => advisory mga3-32-ok, mga3-32-ok