Description
ELSA-2007-0057: Moderate: bind security update (MODERATE)
[30:9.3.3-8]
- added fix for #224445 - CVE-2007-0493 BIND might crash after attempting to read free()-ed memory
- added fix for #225229 - CVE-2007-0494 BIND dnssec denial of service
- Resolves: rhbz#224445
- Resolves: rhbz#225229
Updated packages
Oracle Linux 5
Oracle Linux x86_64
bind                 9.3.3-8.el5
bind-chroot          9.3.3-8.el5
bind-devel           9.3.3-8.el5
bind-libbind-devel   9.3.3-8.el5
bind-libs            9.3.3-8.el5
bind-sdb             9.3.3-8.el5
bind-utils           9.3.3-8.el5
caching-nameserver   9.3.3-8.el5
Oracle Linux i386
bind                 9.3.3-8.el5
bind-chroot          9.3.3-8.el5
bind-devel           9.3.3-8.el5
bind-libbind-devel   9.3.3-8.el5
bind-libs            9.3.3-8.el5
bind-sdb             9.3.3-8.el5
bind-utils           9.3.3-8.el5
caching-nameserver   9.3.3-8.el5
Related CVEs
Related vulnerabilities
ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."