Описание
ELSA-2009-0020: bind security update (MODERATE)
[9.3.4-6.0.3.P1]
- check DSA_do_verify return value correctly
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
bind
9.3.4-6.0.3.P1.el5_2
bind-chroot
9.3.4-6.0.3.P1.el5_2
bind-devel
9.3.4-6.0.3.P1.el5_2
bind-libbind-devel
9.3.4-6.0.3.P1.el5_2
bind-libs
9.3.4-6.0.3.P1.el5_2
bind-sdb
9.3.4-6.0.3.P1.el5_2
bind-utils
9.3.4-6.0.3.P1.el5_2
caching-nameserver
9.3.4-6.0.3.P1.el5_2
Oracle Linux i386
bind
9.3.4-6.0.3.P1.el5_2
bind-chroot
9.3.4-6.0.3.P1.el5_2
bind-devel
9.3.4-6.0.3.P1.el5_2
bind-libbind-devel
9.3.4-6.0.3.P1.el5_2
bind-libs
9.3.4-6.0.3.P1.el5_2
bind-sdb
9.3.4-6.0.3.P1.el5_2
bind-utils
9.3.4-6.0.3.P1.el5_2
caching-nameserver
9.3.4-6.0.3.P1.el5_2
Связанные CVE
Связанные уязвимости
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check t ...
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.