This is the other shoe to the bind update we got yesterday for SP1. If we were using bind it would be running against the LNS DNS servers in caching mode and I hope we can trust them. But fortunately we aren't. So no rush. Ted Rodriguez-Bell Enterprise Virtualization, z/VM and z/Linux, Wells Fargo (415) 477-6891 office   (415) 516-7913 cell 201 3rd St., MAC A0187-050, San Francisco, CA 94103 4155167913@vtext.com or http://www.vtext.com text paging (but cell is safer) Company policy requires: This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -----Original Message----- From: opensuse-security@opensuse.org [mailto:opensuse-security@opensuse.org] Sent: Thursday, June 14, 2012 8:08 PM To: opensuse-security-announce@opensuse.org Subject: [security-announce] SUSE-SU-2012:0741-2: important: Security update for bind SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0741-2 Rating: important References: #765315 Cross-References: CVE-2012-1667 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: The following issue has been fixed: * Records with zero length rdata field could have crashed named or disclose portions of memory to clients (CVE-2012-1667). Security Issue reference: * CVE-2012-1667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667

Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-bind-6382 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-bind-6382 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-bind-6382 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-bind-6382 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.6ESVR7P1]: bind-devel-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64) [New Version: 9.6ESVR7P1]: bind-devel-32bit-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 9.6ESVR7P1]: bind-9.6ESVR7P1-0.5.1 bind-chrootenv-9.6ESVR7P1-0.5.1 bind-doc-9.6ESVR7P1-0.5.1 bind-libs-9.6ESVR7P1-0.5.1 bind-utils-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 9.6ESVR7P1]: bind-libs-32bit-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.6ESVR7P1]: bind-9.6ESVR7P1-0.5.1 bind-chrootenv-9.6ESVR7P1-0.5.1 bind-doc-9.6ESVR7P1-0.5.1 bind-libs-9.6ESVR7P1-0.5.1 bind-utils-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 9.6ESVR7P1]: bind-libs-32bit-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 9.6ESVR7P1]: bind-libs-x86-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 9.6ESVR7P1]: bind-libs-9.6ESVR7P1-0.5.1 bind-utils-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 9.6ESVR7P1]: bind-libs-32bit-9.6ESVR7P1-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-1667.html https://bugzilla.novell.com/765315 http://download.novell.com/patch/finder/?keywords=6c613f6b4f6b9ab1c13907a84d... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org