-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2010-5
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original release date: 09 Feb 2010
Last revised: 09 Feb 2010
Package: bind
Summary: DNSSEC check vulnerabilities
More information:
Bind includes the named name server, which resolves host names to IP
addresses (and vice versa), and a resolver library (a set of routines
in a system library that provide the interface for programs to use when
accessing domain name services).

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2,
9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1)
NSEC and (2) NSEC3 records, which allows remote attackers to add the
Authenticated Data (AD) flag to a forged NXDOMAIN response for an
existing domain. (CVE-2010-0097)

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5,
9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation
enabled and checking disabled (CD), allows remote attackers to conduct
DNS cache poisoning attacks by receiving a recursive client query and
sending a response that contains (1) CNAME or (2) DNAME records, which do not have
the intended validation before caching, aka Bug 20737. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2009-4022. (CVE-2010-0290)
Affected Products:
- Turbolinux Client 2008
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
<Turbolinux Client 2008>
Source Packages
Size: MD5
http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-source/bind-9.4.2-8.src.rpm
6508226 077f7de7067695f46b711c52c18c592e
Binary Packages
Size: MD5
http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/bind-devel-9.4.2-8.i586.rpm
5081880 d433d07d10d56eb85efb1cee0e059809
http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/bind-libs-9.4.2-8.i586.rpm
898899 ac6293d6ff3a19a4ca60873da4439ec6
http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/bind-utils-9.4.2-8.i586.rpm
374637 599749b0131a1cf37a34073425c581f3
<Turbolinux Appliance Server 3.0 x64 Edition>
Source Packages
Size: MD5
bind-9.4.2-8.src.rpm
6523155 94379c79075ef0b125377443a5c15aaf
Binary Packages
Size: MD5
bind-9.4.2-8.x86_64.rpm
1655685 89396133e035faffdad501b329008265
bind-chroot-9.4.2-8.x86_64.rpm
14920 9027a31a1584ce4fd2f73da696e59ba8
bind-libs-9.4.2-8.x86_64.rpm
927117 2a7b0239d013837cc194c373a9517b11
bind-sdb-9.4.2-8.x86_64.rpm
222248 9248061eca6ee98f0cde12a6a46d7f37
bind-utils-9.4.2-8.x86_64.rpm
379055 0f709876846969582b6102d4296592b0
<Turbolinux Appliance Server 3.0>
Source Packages
Size: MD5
bind-9.4.2-8.src.rpm
6523155 94379c79075ef0b125377443a5c15aaf
Binary Packages
Size: MD5
bind-9.4.2-8.i686.rpm
1634552 334c99157657a3281309267549cb27f4
bind-chroot-9.4.2-8.i686.rpm
14952 4c83466dc351da7197dc1182d0e6a793
bind-libs-9.4.2-8.i686.rpm
831632 39f448cf85b11153f1e52dbeb79327e6
bind-sdb-9.4.2-8.i686.rpm
203903 e70a9ed9aa8ee39087aae973777df647
bind-utils-9.4.2-8.i686.rpm
352735 d18cc0f5f78fc4a8ff7522a361f146d7
<Turbolinux 11 Server x64 Edition>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/bind-9.4.2-8.src.rpm
6523155 94379c79075ef0b125377443a5c15aaf
Binary Packages
Size: MD5
bind-9.4.2-8.x86_64.rpm
1655685 89396133e035faffdad501b329008265
bind-chroot-9.4.2-8.x86_64.rpm
14920 9027a31a1584ce4fd2f73da696e59ba8
bind-devel-9.4.2-8.x86_64.rpm
3221832 b378bd5c2c21fa5b883610fd58d51922
bind-libs-9.4.2-8.x86_64.rpm
927117 2a7b0239d013837cc194c373a9517b11
bind-sdb-9.4.2-8.x86_64.rpm
222248 9248061eca6ee98f0cde12a6a46d7f37
bind-utils-9.4.2-8.x86_64.rpm
379055 0f709876846969582b6102d4296592b0
<Turbolinux 11 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/bind-9.4.2-8.src.rpm
6523155 94379c79075ef0b125377443a5c15aaf
Binary Packages
Size: MD5
bind-9.4.2-8.i686.rpm
1634552 334c99157657a3281309267549cb27f4
bind-chroot-9.4.2-8.i686.rpm
14952 4c83466dc351da7197dc1182d0e6a793
bind-devel-9.4.2-8.i686.rpm
3131555 850b04675b3693f3c40338d9781df51a
bind-libs-9.4.2-8.i686.rpm
831632 39f448cf85b11153f1e52dbeb79327e6
bind-sdb-9.4.2-8.i686.rpm
203903 e70a9ed9aa8ee39087aae973777df647
bind-utils-9.4.2-8.i686.rpm
352735 d18cc0f5f78fc4a8ff7522a361f146d7
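
Added example, not part of the Turbolinux advisory: a check of a BIND version string against the affected upstream ranges quoted above, plus a separate check of the installed Turbolinux package release. The update packages are bind-9.4.2-8, an upstream version inside the affected range, so on Turbolinux the package release, not the upstream version string, identifies a patched install. Function names are hypothetical; the version grammar (aN/bN/rcN pre-releases, -PN patch levels) and an integer RPM release are assumptions.

```python
import re

# First fixed upstream release per branch, as listed in the advisory text.
FIXED = {(9, 4): "9.4.3-P5", (9, 5): "9.5.2-P2", (9, 6): "9.6.1-P3"}

# Assumed ISC version grammar: 9.4.3, 9.4.3-P5, 9.5.2b1, 9.7.0rc1
_VER = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:(a|b|rc)(\d+))?(?:-P(\d+))?$")
_STAGE = {"a": 0, "b": 1, "rc": 2, None: 3}  # pre-releases sort before the final release


def parse(version):
    """Turn '9.4.3-P5' or '9.7.0b1' into a tuple that sorts in release order."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError("unrecognised BIND version: %r" % version)
    major, minor, patch, stage, stage_n, plevel = m.groups()
    return (int(major), int(minor), int(patch or 0),
            _STAGE[stage], int(stage_n or 0), int(plevel or 0))


def upstream_affected(version):
    """True if an unpatched upstream build of this version is in the advisory's ranges."""
    v = parse(version)
    branch = v[:2]
    if (9, 0) <= branch <= (9, 3):          # 9.0.x through 9.3.x: all affected
        return True
    if branch in FIXED:                      # 9.4 / 9.5 / 9.6: before the fixed release
        return v < parse(FIXED[branch])
    if v[:3] == (9, 7, 0):                   # 9.7.0: the advisory names the betas only
        return v[3] == _STAGE["b"]
    return False                             # branch not mentioned in the advisory


def turbolinux_pkg_fixed(version_release):
    """True if an installed bind package (e.g. '9.4.2-8') is at or past the update."""
    version, _, release = version_release.partition("-")
    installed = (tuple(int(x) for x in version.split(".")), int(release))
    return installed >= ((9, 4, 2), 8)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    for ver in ("9.3.6-P1", "9.4.2", "9.4.3-P5", "9.5.2b1", "9.7.0b1", "9.7.0"):
        print(ver, "affected upstream:", upstream_affected(ver))
    for pkg in ("9.4.2-7", "9.4.2-8"):
        print("bind-" + pkg, "patched package:", turbolinux_pkg_fixed(pkg))
```

The version-release string for the second check is what `rpm -q --qf '%{VERSION}-%{RELEASE}\n' bind` prints on the host.
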
References:
CVE
[CVE-2010-0097]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
[CVE-2010-0290]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0290
--------------------------------------------------------------------------
Revision History
09 Feb 2010 Initial release
--------------------------------------------------------------------------
Copyright(C) 2010 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iEYEARECAAYFAktw9xwACgkQK0LzjOqIJMx9JQCfSuj2OW1p+3q1YRUcJ+GZno+J
WjcAni6iwvOvsoa2j6zeV0QHF1tVur6u
=yqmd
-----END PGP SIGNATURE-----