bind 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1174236795
업데이트 : 2007.03.19
상세내용
Bind 는 name server 를 운영하기 위한 데몬이다.
- 9.4.0 update
- security fixed
. CVE-2007-0493
Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to
9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only)
allows remote attackers to cause a denial of service (named daemon crash)
via unspecified vectors that cause named to "dereference a freed fetch context."
. CVE-2007-0494:
ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to
9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only)
allows remote attackers to cause a denial of service (exit) via a type * (ANY)
DNS query response that contains multiple RRsets, which triggers an assertion
error, aka the "DNSSEC Validation" vulnerability.
Autoupdates 지원 :
1.2 update 종료. 1.3 으로 migration 후에 pkgadd 를 이용 하십시오.
http://annyung.oops.org/?m=white&p=migration
update 패키지
RPMS :
. bind-9.4.0-1.i686.rpm
. bind-utils-9.4.0-1.i686.rpm
. bind-devel-9.4.0-1.i686.rpm
SRPMS :
. bind-9.4.0-1.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
|