Yellow Dog Linux Security Advisory: YDU-20020606-6

Dan Burcaw yellowdog-updates@lists.terrasoftsolutions.com
Thu, 6 Jun 2002 20:00:44 -0600 (MDT) 

Yellow Dog Linux Security Announcement
--------------------------------------

Package:	bind		
Issue Date: 	June 06, 2002	
Priority:	high		
Advisory ID: 	YDU-20020606-6


1. 	Topic:

	Updated bind packages are available.


2. 	Problem:

	"BIND (Berkeley Internet Name Domain) is an implementation of the DNS
	(Domain Name System) protocols.  Versions of BIND 9 prior to 9.2.1 have a bug
	that causes certain requests to the BIND name server (named) to fail an
	internal consistency check, causing the name server to stop responding to
	requests.  This can be used by a remote attacker to cause a denial of
	service (DOS) attack against name servers.

	[Yellow Dog Linux 2.x] shipped with versions of BIND vulnerable to
	this issue.  All users of BIND are advised to upgrade to the errata
	packages containing BIND 9.2.1 which is not vulnerable to this issue."
	(from Red Hat Advisory)


3. 	Solution:

   	a) Updating via apt...
   	We suggest that you use the apt-get program to keep your
   	system up-to-date. The following command(s) will retrieve
   	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install bind

   	b) Updating manually...
   	The update can also be retrieved manually from our ftp site
   	below along with the rpm command that should be used to install
   	the update.  (Please use a mirror site)

   		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/ppc/
		rpm -Fvh bind-*9.2.1-0.7x.ppc.rpm


4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
9924567aabc99df62dfe0f8c6277db03  ppc/bind-9.2.1-0.7x.ppc.rpm
67af6dc5fee9b37c2f718c2c5ab0b7e3  ppc/bind-devel-9.2.1-0.7x.ppc.rpm
ebfad39b5e6f76acc129a046c98c4cf6  ppc/bind-utils-9.2.1-0.7x.ppc.rpm
ff210c200afbe221c2a5c7c277c6f43c  SRPMS/bind-9.2.1-0.7x.src.rpm

If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_2.2/apt-get.shtml