Mandriva Update For Bind MDVSA-2012:177 (bind) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in bind: BIND 9 nameservers using the DNS64 IPv6 transition mechanism are vulnerable to a software defect that allows a crafted query to crash the server with a REQUIRE assertion failure. Remote exploitation of this defect can be achieved without extensive effort, resulting in a denial-of-service (DoS) vector against affected servers (CVE-2012-5688). The updated packages have been upgraded to bind 9.8.4-P1 which is not vulnerable to this issue.

Affected

bind on Mandriva Linux 2011.0

Severity

Classification

CVE CVE-2012-5688
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:106 (libwmf)
Mandrake Security Advisory MDVSA-2009:165 (ghostscript)
Mandrake Security Advisory MDVSA-2009:036 (python)
Mandrake Security Advisory MDVSA-2009:062 (shadow-utils)
Mandrake Security Advisory MDVSA-2009:076 (avahi)

Mandriva Update for bind MDVSA-2012:177 (bind)

Take action and discover your vulnerabilities