Sikkerhedsoplysninger / 2001 / Sikkerhedsoplysninger -- DSA-026-1 bind

Debians sikkerhedsbulletin

DSA-026-1 bind -- buffer-overløb og informationslæk

Rapporteret den:

29. jan 2001

Berørte pakker:

bind

Sårbar:

Ja

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2001-0010, CVE-2001-0012.
CERTs noter om sårbarheder, bulletiner og hændelser: CA-2001-02, VU#196945, VU#325431.

Yderligere oplysninger:

BIND 8 har flere buffer-overløb. Et omvendt forespørgsel kan konstrueres således at det er mulig at læse stakken fra en fjernmaskine og dermed se environment-variablerne. CERT har offentliggjort oplysninger om disse problemer. En ny "upstrøms"-version rette dette. På grund af BINDs kompleksitet har vi besluttet at fravige vores regler, ved at frigive den nye "upstrøms"-kildekode i vores stabile distribution (stable). Vi anbefaler at du omgående opgraderer dine bind-pakker.

Rettet i:

Debian 2.2 (potato)

Kildekode:

http://security.debian.org/dists/stable/updates/main/source/bind_8.2.3-0.potato.1.diff.gz

http://security.debian.org/dists/stable/updates/main/source/bind_8.2.3-0.potato.1.dsc

http://security.debian.org/dists/stable/updates/main/source/bind_8.2.3.orig.tar.gz

alpha:

http://security.debian.org/dists/stable/updates/main/binary-alpha/bind-dev_8.2.3-0.potato.1_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/bind_8.2.3-0.potato.1_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/dnsutils_8.2.3-0.potato.1_alpha.deb

arm:

http://security.debian.org/dists/stable/updates/main/binary-arm/bind-dev_8.2.3-0.potato.1_arm.deb

http://security.debian.org/dists/stable/updates/main/binary-arm/bind_8.2.3-0.potato.1_arm.deb

http://security.debian.org/dists/stable/updates/main/binary-arm/dnsutils_8.2.3-0.potato.1_arm.deb

i386:

http://security.debian.org/dists/stable/updates/main/binary-i386/bind-dev_8.2.3-0.potato.1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/bind_8.2.3-0.potato.1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/dnsutils_8.2.3-0.potato.1_i386.deb

m68k:

http://security.debian.org/dists/stable/updates/main/binary-m68k/bind-dev_8.2.3-0.potato.1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/bind_8.2.3-0.potato.1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/dnsutils_8.2.3-0.potato.1_m68k.deb

powerpc:

http://security.debian.org/dists/stable/updates/main/binary-powerpc/bind-dev_8.2.3-0.potato.1_powerpc.deb

http://security.debian.org/dists/stable/updates/main/binary-powerpc/bind_8.2.3-0.potato.1_powerpc.deb

http://security.debian.org/dists/stable/updates/main/binary-powerpc/dnsutils_8.2.3-0.potato.1_powerpc.deb

sparc:

http://security.debian.org/dists/stable/updates/main/binary-sparc/bind-dev_8.2.3-0.potato.1_sparc.deb

http://security.debian.org/dists/stable/updates/main/binary-sparc/bind_8.2.3-0.potato.1_sparc.deb

http://security.debian.org/dists/stable/updates/main/binary-sparc/dnsutils_8.2.3-0.potato.1_sparc.deb