From Fedora Project Wiki

Revision as of 14:13, 24 May 2008 by fp-wiki>ImportUser (Imported from MoinMoin)

[SECURITY] Fedora 7 Update: bind-9.4.1-7.P1.fc7

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-1247
2007-07-24 22:15:28.360859
--------------------------------------------------------------------------------

Name        : bind
Product     : Fedora 7
Version     : 9.4.1
Release     : 7.P1.fc7
Summary     : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server.
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.

--------------------------------------------------------------------------------
Update Information:

- CVE-2007-2925 - default ACLs for allow-query-cache and allow-recursion are not set
- workaround - disable recursion, or explicitly set the allow-query-cache and allow-recursion ACLs

- CVE-2007-2926 - cryptographically weak query ID generator
- 1 in 8 chance of guessing the next query ID for 50% of the query IDs
- allows cache-poisoning attacks; no workaround; affects only outgoing queries
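
The CVE-2007-2925 workaround above, written out as a named.conf fragment. This is an added example, not part of the original advisory or the Fedora package; the ACL name "trusted" and the 192.0.2.0/24 network are placeholders.

```conf
// Constructed example: "trusted" and 192.0.2.0/24 are placeholders,
// replace them with the clients this resolver is meant to serve.
acl "trusted" {
    localhost;          // built-in ACL: addresses of this host
    192.0.2.0/24;       // placeholder client network (documentation range)
};

// Affected form: recursion is on and neither ACL is stated, so the
// server depends on the defaults that CVE-2007-2925 reports as not set.
//
// options {
//     recursion yes;
// };

// Workaround, first form: state both ACLs explicitly.
options {
    recursion yes;
    allow-recursion   { "trusted"; };   // who may ask recursive queries
    allow-query-cache { "trusted"; };   // who may read answers from the cache
};

// Workaround, second form (servers that only answer for their own
// zones): turn recursion off instead of setting the ACLs.
//
// options {
//     recursion no;
// };
```

Run named-checkconf on the edited file before reloading named, so a syntax error does not take the server down.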
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 24 2007 Adam Tkac <atkac redhat com> 31:9.4.1-7.P1.fc7
- updated to latest upstream (contains fixes for CVE-2007-2925 and
CVE-2007-2926)
* Thu Jun 21 2007 Adam Tkac <atkac redhat com> 31:9.4.1-6.1.fc7
- minor changes in caching-nameserver configuration
* Mon Jun 18 2007 Adam Tkac <atkac redhat com> 31:9.4.1-6.fc7
- major changes in default caching-nameserver configuration (configuration
could now honor RFCs, #243565)
* Tue Jun  5 2007 Adam Tkac <atkac redhat com> 31:9.4.1-5.fc7
- added /var/named/dynamic directory. This directory is primarily designed
for dynamic DNS zones. In future releases named could write only into
dynamic, data and slaves directories
* Thu May 24 2007 Adam Tkac <atkac redhat com> 31:9.4.1-4.fc7
- start using deprecated ldap API
- fix minor bug in bind-chroot-admin (#241103)
* Tue May 15 2007 Adam Tkac <atkac redhat com> 31:9.4.1-3.fc7
- fixed bind-chroot-admin dynamic DNS handling (#239149)
- rewrote ldap backend to latest API (#239802)
- updated zone-freeze patch to latest upstream
* Mon May  7 2007 Adam Tkac <atkac redhat com> 31:9.4.1-2.fc7
- test build on new build system
* Wed May  2 2007 Adam Tkac <atkac redhat com> 31:9.4.1-1.fc7
- updated to 9.4.1 which contains fix to CVE-2007-2241
* Fri Apr 27 2007 Adam Tkac <atkac redhat com> 31:9.4.0-8.fc7
- improved "zone freeze patch" - if multiple zones with the same name exist,
no zone is frozen
- minor cleanup in caching-nameserver's config file
- fixed race-condition in dbus code (#235809)
- added forgotten restorecon statement in bind-chroot-admin
* Tue Apr 17 2007 Adam Tkac <atkac redhat com> 31:9.4.0-7.fc7
- removed DEBUGINFO option because with this option (default) bind was
built with -O0 and without this flag no debuginfo package was produced.
(I want faster bind => -O2 + debuginfo)
- fixed zone finding (#236426)
--------------------------------------------------------------------------------
References:

[ 1 ]  CVE-2007-2925
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
[ 2 ]  CVE-2007-2926
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
--------------------------------------------------------------------------------
Updated packages:

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------