--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2009-33
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original release date: 14 Dec 2009
Last revised: 14 Dec 2009
Package: bind
Summary: Cache poisoning attacks
More information:
BIND includes the named name server, which resolves host names to IP
addresses (and vice versa), and a resolver library (a set of routines
in a system library that provide the interface for programs to use when
accessing domain name services).
Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1,
9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC
validation enabled and checking disabled (CD), allows remote attackers to conduct
DNS cache poisoning attacks via additional sections in a response sent for resolution
of a recursive client query, which is not properly handled when the response is processed
"at the same time as requesting DNSSEC records (DO)." (CVE-2009-4022)
Affected Products:
- Turbolinux Client 2008
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
<Turbolinux Client 2008>
Source Packages
Size: MD5
http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-source/bind-9.4.2-6.src.rpm
6505933 aa894862226200f5be0716b85e995615
Binary Packages
Size: MD5
http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/bind-devel-9.4.2-6.i586.rpm
5081837 2fa80c15790f4148e54f100df31997b3
http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/bind-libs-9.4.2-6.i586.rpm
898750 8cf82bf9be46e34ed94234ef4168e999
http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/bind-utils-9.4.2-6.i586.rpm
374502 f9a407b3457eed5d42242051e06edbfd
<Turbolinux Appliance Server 3.0 x64 Edition>
Source Packages
Size: MD5
bind-9.4.2-6.src.rpm
6520714 16664cf5d8fcf7ada2b4dd7ad411af30
Binary Packages
Size: MD5
bind-9.4.2-6.x86_64.rpm
1654519 34f03a16e3543376403a4aaeba1df791
bind-chroot-9.4.2-6.x86_64.rpm
14816 18e4a5a5726b3cce440403359005f742
bind-libs-9.4.2-6.x86_64.rpm
926148 ade24c5bd5dff83d5c98a88336e09ecb
bind-sdb-9.4.2-6.x86_64.rpm
222045 4561b6a7fe6dbfef67391eca31a6ad17
bind-utils-9.4.2-6.x86_64.rpm
378972 6a9152cd5500cacd99bd904fa156c758
<Turbolinux Appliance Server 3.0>
Source Packages
Size: MD5
bind-9.4.2-6.src.rpm
6520714 16664cf5d8fcf7ada2b4dd7ad411af30
Binary Packages
Size: MD5
bind-9.4.2-6.i686.rpm
1634001 baa1fe11eafbbf54bcdbe226c186e84d
bind-chroot-9.4.2-6.i686.rpm
14845 53452507b74012a811350a9685e986bd
bind-libs-9.4.2-6.i686.rpm
831841 0efac532abf21d6ced1ef088b060d386
bind-sdb-9.4.2-6.i686.rpm
203806 e33618cf63ed6cd3a59bcffb617f5681
bind-utils-9.4.2-6.i686.rpm
352503 7a3ce67ec5fded792bf27129e727ae60
<Turbolinux 11 Server x64 Edition>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/bind-9.4.2-6.src.rpm
6520714 16664cf5d8fcf7ada2b4dd7ad411af30
Binary Packages
Size: MD5
bind-9.4.2-6.x86_64.rpm
1654519 34f03a16e3543376403a4aaeba1df791
bind-chroot-9.4.2-6.x86_64.rpm
14816 18e4a5a5726b3cce440403359005f742
bind-devel-9.4.2-6.x86_64.rpm
3221975 2b523b8642738ca99c73d3daf42b8707
bind-libs-9.4.2-6.x86_64.rpm
926148 ade24c5bd5dff83d5c98a88336e09ecb
bind-sdb-9.4.2-6.x86_64.rpm
222045 4561b6a7fe6dbfef67391eca31a6ad17
bind-utils-9.4.2-6.x86_64.rpm
378972 6a9152cd5500cacd99bd904fa156c758
<Turbolinux 11 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/bind-9.4.2-6.src.rpm
6520714 16664cf5d8fcf7ada2b4dd7ad411af30
Binary Packages
Size: MD5
bind-9.4.2-6.i686.rpm
1634001 baa1fe11eafbbf54bcdbe226c186e84d
bind-chroot-9.4.2-6.i686.rpm
14845 53452507b74012a811350a9685e986bd
bind-devel-9.4.2-6.i686.rpm
3129353 cb24f7b3bc5a146e97e197d8fcfab1e8
bind-libs-9.4.2-6.i686.rpm
831841 0efac532abf21d6ced1ef088b060d386
bind-sdb-9.4.2-6.i686.rpm
203806 e33618cf63ed6cd3a59bcffb617f5681
bind-utils-9.4.2-6.i686.rpm
352503 7a3ce67ec5fded792bf27129e727ae60
References:
CVE
[CVE-2009-4022]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
--------------------------------------------------------------------------
Revision History
14 Dec 2009 Initial release
--------------------------------------------------------------------------
Copyright(C) 2009 Turbolinux, Inc. All rights reserved.