Thread: [Cucumber-linux-security] bind-server (security update is available)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
Menu
▾
▴
cucumber-linux-security
|
From: Scott C. <sc...@cu...> - 2018-01-17 15:14:14
Attachments:
signature.asc
|
Update Information A security update is available for bind-server for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.1 Beta changelog: +----------------+ Wed Jan 17 09:03:19 EST 2018 net-extra/bind-server upgraded from 9.11.2 to 9.11.2_P1 to fix a few security vulnerabilities: CVE-2017-3145 (a use after free vulnerability), CVE-2017-3143 (a vulnerability which could result in unauthorized zone transfers) and CVE-2017-3140 (a vulnerability which could cause named to go into an infinite loop). For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145 http://security.cucumberlinux.com/security/details.php?id=227 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143 http://security.cucumberlinux.com/security/details.php?id=229 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3140 http://security.cucumberlinux.com/security/details.php?id=231 https://lists.isc.org/pipermail/bind-announce/2018-January/001075.html multilib/net-extra/bind-server upgraded from 9.11.2 to 9.11.2_P1 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-227 [CVE-2017-3145] (http://security.cucumberlinux.com/security/details.php?id=227) * CLD-229 [CVE-2017-3143] (http://security.cucumberlinux.com/security/details.php?id=229) * CLD-231 [CVE-2017-3140] (http://security.cucumberlinux.com/security/details.php?id=231) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure bind-server is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-07-11 21:25:56
Attachments:
signature.asc
|
Update Information A security update is available for bind-server for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Jul 11 17:07:25 EDT 2018 net-extra/bind-server upgraded from 9.11.3 to 9.11.4 to fix CVE-2018-5738, a security vulnerability that allowed for unintended clients to perform recursive queries, due to improper handling of the configuration. For more information see: https://security.cucumberlinux.com/security/details.php?id=467 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738 https://kb.isc.org/article/AA-01634/0/BIND-9.11.4-Release-Notes.html multilib/net-extra/bind-server-lib_i686 upgraded from 9.11.3 to 9.11.4 (x86_64 only) * SECURITY FIX * +----------------+ Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Jul 11 17:10:14 EDT 2018 testing/net-testing/bind-server upgraded from 9.11.3 to 9.11.4 to fix CVE-2018-5738, a security vulnerability that allowed for unintended clients to perform recursive queries, due to improper handling of the configuration. For more information see: https://security.cucumberlinux.com/security/details.php?id=467 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738 https://kb.isc.org/article/AA-01634/0/BIND-9.11.4-Release-Notes.html testing/multilib/net-testing/bind-server-lib_i686 upgraded from 9.11.3 to 9.11.4 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-467 [CVE-2018-5738] (https://security.cucumberlinux.com/security/details.php?id=467) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure bind-server is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-08-09 19:46:47
Attachments:
signature.asc
|
Update Information A security update is available for bind-server for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Thu Aug 9 15:26:33 EDT 2018 net-extra/bind-server upgraded from 9.11.4 to 9.11.4_P1 to fix CVE-2018-5740, a security vulnerability which allowed for a remote denial of service attack (a crash of named) via an assert failure on servers which have explicitly enabled the "deny-answer-aliases" feature. This feature is disabled by default. For more information see: https://security.cucumberlinux.com/security/details.php?id=514 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740 https://kb.isc.org/article/AA-01639 https://kb.isc.org/article/AA-01644/81/BIND-9.11.4-P1 multilib/net-extra/bind-server-lib_i686 upgraded from 9.11.4 to 9.11.4_P1 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-514 [CVE-2018-5740] (https://security.cucumberlinux.com/security/details.php?id=514) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure bind-server is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-27 22:39:37
Attachments:
signature.asc
|
Update Information A security update is available for bind-server for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sat Apr 27 18:17:51 EDT 2019 net-extra/bind-server upgraded from 9.11.5 to 9.11.6_P1 to fix two security vulnerabilities: CVE-2018-5743, which allowed for a remote attacker to cause a denial of service (a hang of named, and possibly a complete denial of service to the entire filesystem BIND is located on) due to ineffective limiting of simultaneous TCP client connections; and CVE-2019-6467, which allowed for a remote denial of service (crash of named) due to an assertion failure in query.c. For more information see: https://security.cucumberlinux.com/security/details.php?id=694 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743 https://kb.isc.org/docs/cve-2018-5743 https://security.cucumberlinux.com/security/details.php?id=696 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6467 https://kb.isc.org/docs/cve-2019-6467 net-base/bind-client upgraded from 9.11.5 to 9.11.6_P1. Note that the aforementioned vulnerabilities affect only named, so the bind-client package is unaffected by them. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-694 [CVE-2018-5743] (https://security.cucumberlinux.com/security/details.php?id=694) * CLD-696 [CVE-2019-6467] (https://security.cucumberlinux.com/security/details.php?id=696) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure bind-server is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X