These security warnings, is there any system that generates them or are there just devs checking the package website?
On Sat, Jul 28, 2007 at 01:12:00PM +0200, JJDaNiMoTh wrote:
>
>------------------------------------------------------------
>Arch Linux Security Warning ALSW 2007-#35
>------------------------------------------------------------
>
>Name: bind
>Date: 2007-07-28
>Severity: High
>Warning #: 2007-#35
>
>------------------------------------------------------------
>
>Product Background
>===================
>BIND (Berkeley Internet Name Domain) is an implementation of the Domain Name
>System (DNS) protocols and provides an openly redistributable reference
>implementation of the major components of the Domain Name System
>
>Problem Background
>===================
>ISC has discovered or has been notified of several bugs which can result in
>vulnerabilities of varying levels of severity in BIND as distributed by ISC.
>
>Impact
>==================
>[1]The default access control lists (acls) are not being correctly set. If not
>set anyone can make recursive queries and/or query the cache contents.
>[2]The DNS query id generation is vulnerable to cryptographic analysis which
>provides a 1 in 8 chance of guessing the next query id for 50% of the query
>ids. This can be used to perform cache poisoning by an attacker.
>This bug only affects outgoing queries, generated by BIND 9 to answer
>questions as a resolver, or when it is looking up data for internal uses, such
>as when sending NOTIFYs to slave name servers.
>
>
>Problem Packages
>===================
>Package: bind
>Repo: current
>Group: daemon
>Unsafe: < 9.4.1-P1
>Safe: >= 9.4.1-P1
>
>Package Fix
>===================
>Upgrade to 9.4.1-P1
>
>---------------------------------------------
>Unofficial ArchLinux Security Bug Tracker:
>http://jjdanimoth.netsons.org/alsw.html
>---------------------------------------------
>
>Reference(s)
>===================
>[1]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
>[2]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
>_______________________________________________
>arch mailing list
>[email protected]
>http://archlinux.org/mailman/listinfo/arch
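
Added example, not part of the advisory or of either poster's message: a `named.conf` fragment that sets the recursion and cache ACLs explicitly, so a resolver does not depend on the defaults that impact item [1] says are not being set correctly. The ACL name `trusted` and the 192.0.2.0/24 range are placeholders; item [2] is unaffected by this and is addressed only by the upgrade the advisory lists.

```conf
// Constructed example: the ACL name and address range are placeholders.
acl "trusted" {
    localhost;          // built-in ACL: the server's own addresses
    192.0.2.0/24;       // placeholder for the client network you serve
};

options {
    // Only trusted clients may ask this server to recurse on their behalf.
    allow-recursion { "trusted"; };

    // Only trusted clients may read answers held in the resolver cache.
    allow-query-cache { "trusted"; };

    // Authoritative zones, if any are served, remain queryable by anyone.
    allow-query { any; };
};
```

Run `named-checkconf` on the edited file before reloading the daemon.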
