New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bind-9.9.7_
This update fixes two denial-of-service vulnerabilities:
+ CVE-2015-5722 is a denial-of-service vector which can be
exploited remotely against a BIND server that is performing
validation on DNSSEC-signed records. Validating recursive
resolvers are at the greatest risk from this defect, but it has not
been ruled out that it could be exploited against an
authoritative-only nameserver under limited conditions. Servers
that are not performing validation are not vulnerable. However,
ISC does not recommend disabling validation as a workaround to
this issue as it exposes the server to other types of attacks.
Upgrading to the patched versions is the recommended solution.
All versions of BIND since 9.0.0 are vulnerable to CVE-2015-5722.
+ CVE-2015-5986 is a denial-of-service vector which can be used
against a BIND server that is performing recursion. Validation
is not required. Recursive resolvers are at the greatest risk
from this defect, but it has not been ruled out that it could
be exploited against an authoritative-only nameserver under
limited conditions.
Only versions of BIND since 9.9.7 and 9.10.2 are vulnerable to
CVE-2015-5986.
For more information, see:
https://kb.isc.org/article/AA-
http://cve.mitre.org/cgi-bin/
https://kb.isc.org/article/AA-
http://cve.mitre.org/cgi-bin/
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/
MD5 signatures:
+-------------+
Slackware 13.0 package:
627f6c6827eca24776d790166801de
Slackware x86_64 13.0 package:
49082f50322af84efe8d91459599b8
Slackware 13.1 package:
4dd375df46e84dbecb9f296e2fec69
Slackware x86_64 13.1 package:
90b4376b145544d9a63c28dcb891ca
Slackware 13.37 package:
181ce9e11eb9d909c5c06b8ddd5bb1
Slackware x86_64 13.37 package:
368f7a3b977865b0132bdcd129e708
Slackware 14.0 package:
3bb80a54fb5d0f76d17ef33cf06a07
Slackware x86_64 14.0 package:
d77b36e48e2c033ffa9d9981697930
Slackware 14.1 package:
ada9c70208885b4c7904364e040360
Slackware x86_64 14.1 package:
a78fbe27ba2834d2918fa26ce96d50
Slackware -current package:
450614c08d5fac56c8d2701394d1af
Slackware x86_64 -current package:
32e680d6bce8dac3ad5ba54958f68f
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg bind-9.9.7_P3-i486-1_slack14.
Then, restart the name server:
# /etc/rc.d/rc.bind restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
Komentarų nėra:
Rašyti komentarą