Debians sikkerhedsbulletin

DSA-026-1 bind -- buffer-overløb og informationslæk

Rapporteret den:
29. jan 2001
Berørte pakker:
bind
Sårbar:
Ja
Referencer i sikkerhedsdatabaser:
I Mitres CVE-ordbog: CVE-2001-0010, CVE-2001-0012.
CERTs noter om sårbarheder, bulletiner og hændelser: CA-2001-02, VU#196945, VU#325431.
Yderligere oplysninger:
BIND 8 har flere buffer-overløb. Et omvendt forespørgsel kan konstrueres således at det er mulig at læse stakken fra en fjernmaskine og dermed se environment-variablerne. CERT har offentliggjort oplysninger om disse problemer. En ny "upstrøms"-version rette dette. På grund af BINDs kompleksitet har vi besluttet at fravige vores regler, ved at frigive den nye "upstrøms"-kildekode i vores stabile distribution (stable). Vi anbefaler at du omgående opgraderer dine bind-pakker.
Rettet i:

Debian 2.2 (potato)

Kildekode:
http://security.debian.org/dists/stable/updates/main/source/bind_8.2.3-0.potato.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/bind_8.2.3-0.potato.1.dsc
http://security.debian.org/dists/stable/updates/main/source/bind_8.2.3.orig.tar.gz
alpha:
http://security.debian.org/dists/stable/updates/main/binary-alpha/bind-dev_8.2.3-0.potato.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/bind_8.2.3-0.potato.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/dnsutils_8.2.3-0.potato.1_alpha.deb
arm:
http://security.debian.org/dists/stable/updates/main/binary-arm/bind-dev_8.2.3-0.potato.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/bind_8.2.3-0.potato.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/dnsutils_8.2.3-0.potato.1_arm.deb
i386:
http://security.debian.org/dists/stable/updates/main/binary-i386/bind-dev_8.2.3-0.potato.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/bind_8.2.3-0.potato.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/dnsutils_8.2.3-0.potato.1_i386.deb
m68k:
http://security.debian.org/dists/stable/updates/main/binary-m68k/bind-dev_8.2.3-0.potato.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/bind_8.2.3-0.potato.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/dnsutils_8.2.3-0.potato.1_m68k.deb
powerpc:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/bind-dev_8.2.3-0.potato.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/bind_8.2.3-0.potato.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/dnsutils_8.2.3-0.potato.1_powerpc.deb
sparc:
http://security.debian.org/dists/stable/updates/main/binary-sparc/bind-dev_8.2.3-0.potato.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/bind_8.2.3-0.potato.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/dnsutils_8.2.3-0.potato.1_sparc.deb