
Wednesday, July 25, 2007

[SECURITY] [DSA 1341-1] New bind9 packages fix DNS cache poisoning

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1341-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
July 25th, 2007                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : bind9
Vulnerability : design error
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-2926

Amit Klein discovered that the BIND name server generates predictable
DNS query IDs, which may lead to cache poisoning attacks.

An update for the oldstable distribution (sarge) is in preparation. It
will be released soon.

For the stable distribution (etch) this problem has been fixed in
version 9.3.4-2etch1. An update for mips is not yet available; it will
be released soon.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your BIND packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
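
A post-upgrade check for the fix named above, added here as an example and not part of the advisory: it compares installed package versions with 9.3.4-2etch1 using dpkg. The function names are this example's own, and it assumes an installed version may carry an epoch prefix that the advisory's version string omits.

```shell
#!/bin/sh
# Added example (not from the advisory): check packages against the etch fix.
# Only meaningful on an etch host; other releases have their own fixed versions.
FIXED_ETCH="9.3.4-2etch1"   # fixed version for etch, as stated in DSA 1341-1

# strip_epoch VERSION -> VERSION without a leading "N:" epoch.
# Assumption: the advisory quotes the version without an epoch. Left in place,
# an epoch such as "1:" would make every installed version compare as newer
# than the fixed one and hide an unpatched package.
strip_epoch() {
    printf '%s\n' "${1#*:}"
}

# is_fixed INSTALLED_VERSION -> exit 0 if it is >= FIXED_ETCH, non-zero otherwise.
# Uses dpkg's own ordering, in which "2" sorts before "2etch1".
is_fixed() {
    dpkg --compare-versions "$(strip_epoch "$1")" ge "$FIXED_ETCH"
}

# report PACKAGE... -> one status line per package.
# Returns 1 if any installed package is older than the fixed version.
report() {
    rc=0
    for pkg in "$@"; do
        ver=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || ver=""
        if [ -z "$ver" ]; then
            echo "$pkg: not installed"
        elif is_fixed "$ver"; then
            echo "$pkg: $ver (fixed)"
        else
            echo "$pkg: $ver (older than $FIXED_ETCH, upgrade)"
            rc=1
        fi
    done
    return $rc
}

# Usage on an etch host: sh check.sh bind9 dnsutils lwresd
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```
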


Debian GNU/Linux 4.0 alias etch
- -------------------------------



These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGp7yHXm3vHE4uyloRAmPkAJ0d9LV4wpLbtbYfVvg599mOZGgPagCeIleR
7/s4k59bitmpC29AHyMI5VE=
=1VmY
-----END PGP SIGNATURE-----

