openSUSE Security Update: bind security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:1031-1 Rating: important References: #657102 #657129 Cross-References: CVE-2010-3613 CVE-2010-3614 Affected Products: openSUSE 11.3 openSUSE 11.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes two new package versions. Description: Adding certain types of signed negative responses to cache doesn't clear any matching RRSIG records already in cache. A subsequent lookup of the cached data can cause named to crash (CVE-2010-3613). bind did not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover (CVE-2010-3614). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch bind-3662 - openSUSE 11.2: zypper in -t patch bind-3662 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64) [New Version: 9.7.1P2]: bind-9.7.1P2-0.4.1 bind-chrootenv-9.7.1P2-0.4.1 bind-devel-9.7.1P2-0.4.1 bind-libs-9.7.1P2-0.4.1 bind-utils-9.7.1P2-0.4.1 - openSUSE 11.3 (x86_64) [New Version: 9.7.1P2]: bind-libs-32bit-9.7.1P2-0.4.1 - openSUSE 11.3 (noarch) [New Version: 9.7.1P2]: bind-doc-9.7.1P2-0.4.1 - openSUSE 11.2 (i586 x86_64) [New Version: 9.6.1P3]: bind-9.6.1P3-1.3.1 bind-chrootenv-9.6.1P3-1.3.1 bind-devel-9.6.1P3-1.3.1 bind-doc-9.6.1P3-1.3.1 bind-libs-9.6.1P3-1.3.1 bind-utils-9.6.1P3-1.3.1 - openSUSE 11.2 (x86_64) [New Version: 9.6.1P3]: bind-libs-32bit-9.6.1P3-1.3.1 References: http://support.novell.com/security/cve/CVE-2010-3613.html http://support.novell.com/security/cve/CVE-2010-3614.html https://bugzilla.novell.com/657102 https://bugzilla.novell.com/657129