Yellow Dog Linux Security Advisory: YDU-20020606-6
Dan Burcaw
yellowdog-updates@lists.terrasoftsolutions.com
Thu, 6 Jun 2002 20:00:44 -0600 (MDT)
Yellow Dog Linux Security Announcement
--------------------------------------
Package: bind
Issue Date: June 06, 2002
Priority: high
Advisory ID: YDU-20020606-6
1. Topic:
Updated bind packages are available.
2. Problem:
"BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. Versions of BIND 9 prior to 9.2.1 have a bug
that causes certain requests to the BIND name server (named) to fail an
internal consistency check, causing the name server to stop responding to
requests. This can be used by a remote attacker to cause a denial of
service (DOS) attack against name servers.
[Yellow Dog Linux 2.x] shipped with versions of BIND vulnerable to
this issue. All users of BIND are advised to upgrade to the errata
packages containing BIND 9.2.1 which is not vulnerable to this issue."
(from Red Hat Advisory)
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install bind
b) Updating manually...
The update can also be retrieved manually from our ftp site
below along with the rpm command that should be used to install
the update. (Please use a mirror site)
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/ppc/
rpm -Fvh bind-*9.2.1-0.7x.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
9924567aabc99df62dfe0f8c6277db03 ppc/bind-9.2.1-0.7x.ppc.rpm
67af6dc5fee9b37c2f718c2c5ab0b7e3 ppc/bind-devel-9.2.1-0.7x.ppc.rpm
ebfad39b5e6f76acc129a046c98c4cf6 ppc/bind-utils-9.2.1-0.7x.ppc.rpm
ff210c200afbe221c2a5c7c277c6f43c SRPMS/bind-9.2.1-0.7x.src.rpm
If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename
5. Misc.
Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_2.2/apt-get.shtml