Debians sikkerhedsbulletin

DSA-2130-1 bind9 -- flere sårbarheder

Rapporteret den:
10. dec 2010
Berørte pakker:
bind9
Sårbar:
Ja
Referencer i sikkerhedsdatabaser:
I Mitres CVE-ordbog: CVE-2010-3762, CVE-2010-3614, CVE-2010-3613.
Yderligere oplysninger:

Flere fjernudnytbare sårbarheder er opdaget i BIND, en implementering af DNS-protokolsuiten. Projektet Common Vulnerabilities and Exposures har registreret følgende problemer:

  • CVE-2010-3762

    Når DNSSEC-validering var aktiveret, håndterede BIND ikke på korrekt vis visse dårlige signaturer if multiple trust anchors fandtes til en enkelt zone, hvilket gjorde det muligt for fjernangribere at forårsage et lammelsesangreb (servernedbrud) via en DNS-forespørgsel.

  • CVE-2010-3614

    BIND afgjorde ikke på korrekt vis sikkerhedsstatussen på en NS RRset under en DNSKEY-algoritmerollover, hvilket måske kunne føre til en zoneutilgængelighed under rollovers.

  • CVE-2010-3613

    BIND håndterede ikke på korrektvis kombinationen af signerede negative svar og tilhørende RRSIG-poster i cachen, hvilket gjorde det muligt for fjernangribere at forårsage et lammelsesangreb (servernedbrud) via en forespørgsel efter cachede data.

Desuden forbedrer denne sikkerhedsopdatering kompatibiliteten med tidligere installerede versioner af bind9-pakken. Som en følge deraf, er det nødvendigt at iværksætte opdateringen med apt-get dist-upgrade i stedet for apt-get update.

I den stabile distribution (lenny), er disse problemer rettet i version 1:9.6.ESV.R3+dfsg-0+lenny1.

I den kommende stabile distribution (squeeze) og i den ustable distribution (sid), er disse problemer rettet i version 1:9.7.2.dfsg.P3-1.

Vi anbefaler at du opgraderer dine bind9-pakker.

Rettet i:

Debian GNU/Linux 5.0 (lenny)

Kildekode:
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg.orig.tar.gz
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1.diff.gz
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1.dsc
Arkitekturuafhængig komponent:
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.6.ESV.R3+dfsg-0+lenny1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.