Bug 7762 - bind new security issue CVE-2012-5166
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: i586 Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assigned To: QA Team
URL: http://lwn.net/Vulnerabilities/519152/
Whiteboard: MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64...
Keywords: validated_update
: 7540
 
Reported: 2012-10-10 16:35 CEST by David Walser
Modified: 2012-10-11 08:05 CEST
Source RPM: bind-9.9.1.P3-1.mga2.src.rpm

Description David Walser 2012-10-10 16:35:20 CEST
Mandriva has issued an advisory today (October 10):
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:162

Updated packages uploaded for Mageia 1 and Mageia 2.

Advisory:
========================

Updated bind packages fix security vulnerability:

A certain combination of records in the RBT could cause named to hang
while populating the additional section of a response.
(CVE-2012-5166).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166
ftp://ftp.isc.org/isc/bind/9.8.3-P4/CHANGES
ftp://ftp.isc.org/isc/bind/9.9.1-P4/CHANGES
ftp://ftp.isc.org/isc/bind9/9.8.3-P4/RELEASE-NOTES-BIND-9.8.3-P4.txt
ftp://ftp.isc.org/isc/bind9/9.9.1-P4/RELEASE-NOTES-BIND-9.9.1-P4.txt
https://kb.isc.org/article/AA-00801
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:162
========================

Updated packages in core/updates_testing:
========================
bind-9.8.3P4-1.mga1
bind-utils-9.8.3P4-1.mga1
bind-devel-9.8.3P4-1.mga1
bind-doc-9.8.3P4-1.mga1
bind-9.9.1.P4-1.mga2
bind-sdb-9.9.1.P4-1.mga2
bind-utils-9.9.1.P4-1.mga2
bind-devel-9.9.1.P4-1.mga2
bind-doc-9.9.1.P4-1.mga2

from SRPMS:
bind-9.8.3P4-1.mga1.src.rpm
bind-9.9.1.P4-1.mga2.src.rpm

Comment 1 Dave Hodgins 2012-10-11 06:03:08 CEST
Testing complete Mageia 1 and 2, i586 and x86-64.
Just testing that host and dig work at 127.0.0.1

Could someone from the sysadmin team push the srpm
bind-9.9.1.P4-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpm
bind-9.8.3P4-1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates

Advisory: Updated bind packages fix security vulnerability:

A certain combination of records in the RBT could cause named to hang
while populating the additional section of a response.
(CVE-2012-5166).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166
ftp://ftp.isc.org/isc/bind/9.8.3-P4/CHANGES
ftp://ftp.isc.org/isc/bind/9.9.1-P4/CHANGES
ftp://ftp.isc.org/isc/bind9/9.8.3-P4/RELEASE-NOTES-BIND-9.8.3-P4.txt
ftp://ftp.isc.org/isc/bind9/9.9.1-P4/RELEASE-NOTES-BIND-9.9.1-P4.txt
https://kb.isc.org/article/AA-00801
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:162

https://bugs.mageia.org/show_bug.cgi?id=7762

Comment 2 Thomas Backlund 2012-10-11 08:05:15 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0287