Debians sikkerhedsbulletin
DSA-1963-1 unbound -- kryptografisk implementeringsfejl
- Rapporteret den:
- 23. dec 2009
- Berørte pakker:
- unbound
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Mitres CVE-ordbog: CVE-2009-3602.
- Yderligere oplysninger:
-
Man opdagede at Unbound, en DNS-resolver, ikke på korrekt vis kontrollerde kryptografiske signaturer i NSEC3-poster. Som en følge heraf, mistede zoner signeret med NSEC3-varianten af DNSSEC deres kryptografiske beskyttelse. (En angriber skulle stadig først udføre et almindeligt cacheforgiftningangreb, for at føje dårlige data til cachen.)
Den gamle stabile distribution (etch) indeholder ikke en unbound-pakke.
I den stabile distribution (lenny), er dette problem rettet i version 1.0.2-1+lenny1.
I den ustabile distribution (sid) og i distributionen testing (squeeze), er dette problem rettet i version 1.3.4-1.
Vi anbefaler at du opgraderer din unbound-pakke.
- Rettet i:
-
Debian GNU/Linux 5.0 (lenny)
- Kildekode:
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1.diff.gz
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1.dsc
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.