-----BEGIN PGP SIGNED MESSAGE----- 
Hash: SHA1 


- -------------------------------------------------------------------------- 
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- -------------------------------------------------------------------------- 


PACKAGE : bind 
SUMMARY : Denial of Service vulnerability 
DATE : 2002-06-06 15:01:00 
ID : CLA-2002:494 
RELEVANT 
RELEASES : 7.0, 8 


- ------------------------------------------------------------------------- 


DESCRIPTION 
 "bind" is a name server (DNS) developed by the ISC and used in many 
 internet and intranet sites. 
  
 ISC (Internet Software Consortium) reported a remote denial of 
 service vulnerability[2] in the BIND[1] server. A remote attacker can 
 exploit this problem and shut down the name server. 
  
 This vulnerability only affects the 9.x versions of the server and 
 has no other consequence besides shutting down the service. 
  
 An indication that the service has been shut down due to this problem 
 are the following messages in the system log (/var/log/messages): 
  
 named: message.c:808: REQUIRE(*rdataset == ((void *)0)) failed 
 named: exiting (due to assertion failure) 
  
 Please note that regular DNS traffic could also accidentally trigger 
 this problem. 
  
 ISC has released BIND version 9.2.1 to address this vulnerability. 



SOLUTION 
 It is recommended that all bind users upgrade their packages. The 
 "named" service will be automatically restarted if it was already 
 running before the upgrade. 
  
  
 REFERENCES 
 1. http://www.isc.org/products/BIND/bind9.html 
 2. http://www.kb.cert.org/vuls/id/739123 
 3. http://www.cert.org/advisories/CA-2002-15.html 
 4. http://www.isc.org/products/BIND/bind-security.html 



DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES 
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/bind-9.2.1-1U70_2cl.src.rpm 
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-9.2.1-1U70_2cl.i386.rpm 
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-chroot-9.2.1-1U70_2cl.i386.rpm 
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-devel-9.2.1-1U70_2cl.i386.rpm 
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-devel-static-9.2.1-1U70_2cl.i386.rp
m 
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-doc-9.2.1-1U70_2cl.i386.rpm 
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-utils-9.2.1-1U70_2cl.i386.rpm 
ftp://atualizacoes.conectiva.com.br/8/SRPMS/bind-9.2.1-1U8_1cl.src.rpm 
ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-9.2.1-1U8_1cl.i386.rpm 
ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-chroot-9.2.1-1U8_1cl.i386.rpm 
ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-devel-9.2.1-1U8_1cl.i386.rpm 
ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-devel-static-9.2.1-1U8_1cl.i386.rpm 
ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-doc-9.2.1-1U8_1cl.i386.rpm 
ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-libs-9.2.1-1U8_1cl.i386.rpm 
ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-utils-9.2.1-1U8_1cl.i386.rpm 



ADDITIONAL INSTRUCTIONS 
 Users of Conectiva Linux version 6.0 or higher may use apt to perform 
 upgrades of RPM packages: 
 - add the following line to /etc/apt/sources.list if it is not there yet 
   (you may also use linuxconf to do this): 


 rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates 


(replace 6.0 with the correct version number if you are not running CL6.0) 


 - run: apt-get update 
 - after that, execute: apt-get upgrade 


 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en 



- ------------------------------------------------------------------------- 
All packages are signed with Conectiva's GPG key. The key and instructions 
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en 
Instructions on how to check the signatures of the RPM packages can be 
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en 
- ------------------------------------------------------------------------- 
All our advisories and generic update instructions can be viewed at 
http://distro.conectiva.com.br/atualizacoes/?idioma=en 


- ------------------------------------------------------------------------- 
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br 
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br 
-----BEGIN PGP SIGNATURE----- 
Version: GnuPG v1.0.6 (GNU/Linux) 
Comment: For info see http://www.gnupg.org 


iD8DBQE8/6ON42jd0JmAcZARAoGOAKCBPGpe0ZeTj6RVp3nof8ET4Q+UrQCgng8Z 
/cxvs1blWHwUSuf8R8x+AEI= 
=03zN 
-----END PGP SIGNATURE----- 

Review: Logging and Log Management

Posted on 22 May 2013.  |  Every security practitioner should be aware of the overwhelming advantages of logging and perusing logs for discovering system intrusions. But logging and log management comes with its own set of difficulties.

Experts highlight top data breach vulnerabilities

Posted on 22 May 2013.  |  Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker.

A closer look at Mega cloud storage

Posted on 21 May 2013.  |  Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.

The CSO perspective on healthcare security and compliance

Posted on 20 May 2013.  |  Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.

Cyber espionage campaign uses professionally-made malware

Posted on 20 May 2013.  |  A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.