-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2008-7 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 07 Feb 2008 Last revised: 07 Feb 2008 Package: bind Summary: Off-by-one error More information: Bind includes the named name server, which resolves host names to IP addresses (and vice versa), and a resolver library (a set of routines in a system library that provide the interface for programs to use when accessing domain name services). Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. (CVE-2008-0122) Affected Products: - Turbolinux 11 Server x64 Edition - Turbolinux 11 Server - Turbolinux Appliance Server 2.0 - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/bind-9.4.1-9.src.rpm 6393949 615640ef021c0fbdebb15a457bf6be34 Binary Packages Size: MD5 bind-9.4.1-9.x86_64.rpm 1641587 f5530f7aedbcdc9b6630809e3dcb4a4d bind-chroot-9.4.1-9.x86_64.rpm 13619 91cdd3015c8064e33c054aa52d7c5208 bind-devel-9.4.1-9.x86_64.rpm 3130551 ca17db31f56b179dce423a9b8e188e2f bind-libs-9.4.1-9.x86_64.rpm 923307 0b67cee5938e05392d54fbc1dc314099 bind-sdb-9.4.1-9.x86_64.rpm 218756 95e86e862f471240632d621666434d52 bind-utils-9.4.1-9.x86_64.rpm 377077 eb0022e6e579e9ae48c17a4f751490d6 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/bind-9.4.1-9.src.rpm 6393949 c6102356fcaa470a4ec96aeef644bbaa Binary Packages Size: MD5 bind-9.4.1-9.i686.rpm 1620464 c42856ae1e86a63e5595c0af2fbf8a8f bind-chroot-9.4.1-9.i686.rpm 13643 8b564304d24e95552aea36c4d8735684 bind-devel-9.4.1-9.i686.rpm 3040714 fe9a7927d4e38bd0b44d7b132dba26ac bind-libs-9.4.1-9.i686.rpm 830312 360f8f52912a83e27ebce4e8d03b1a0c bind-sdb-9.4.1-9.i686.rpm 202563 ba86e6c5a4af1080fe12deea82ba2099 bind-utils-9.4.1-9.i686.rpm 352242 700786b2698c595f8149c541ad1c1576 Source Packages Size: MD5 bind-9.2.3-14.src.rpm 3535388 5e90efe8ceb6ccfd11156f7efee10054 Binary Packages Size: MD5 bind-9.2.3-14.i586.rpm 371356 eed32b69f3025d89451bce3a1329faf9 bind-chroot-9.2.3-14.i586.rpm 9993 778168acba2cc97df52c95101b61503e bind-libs-9.2.3-14.i586.rpm 417545 72d7c9ba88309786de20cebfd9d87b5d bind-utils-9.2.3-14.i586.rpm 96706 b3931f623dd7bad229f522594081e007 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/bind-9.2.3-14.src.rpm 3535388 2852d24ace478c247553412a03ae8ff2 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/bind-9.2.3-14.x86_64.rpm 398432 1ab544f82a33006491750f4b90feb91d ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/bind-chroot-9.2.3-14.x86_64.rpm 9913 b5907a11db31cb18b37641e367232b43 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/bind-libs-9.2.3-14.x86_64.rpm 519815 5c1c0fbd15335364ebc31c059b95e2b7 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/bind-utils-9.2.3-14.x86_64.rpm 108073 eef6df9ce3b7db24b883d69d21f31a09 Source Packages Size: MD5 bind-9.2.1-8.src.rpm 4980794 a818c1ed603e9e29c62db675d1448fff Binary Packages Size: MD5 bind-9.2.1-8.i586.rpm 2760241 56a3dbe4892539e281f0e46eee0fbddc bind-devel-9.2.1-8.i586.rpm 728283 764d68a74463537786f4191584bf843b bind-utils-9.2.1-8.i586.rpm 1719288 3461c4198c6836aff34c98d7fb6c08e0 Source Packages Size: MD5 bind-9.2.1-8.src.rpm 4980794 1b7c1fa7b4666647794643d2bf7d5e14 Binary Packages Size: MD5 bind-9.2.1-8.i586.rpm 2760859 79c75fe1955294b73be496916fe197de bind-devel-9.2.1-8.i586.rpm 728313 6dedda62f69f550430e480d26cde1e1c bind-utils-9.2.1-8.i586.rpm 1718973 e34a01f1af6e77c85e56532ae6e3a849 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/bind-9.2.3-14.src.rpm 3535388 5e90efe8ceb6ccfd11156f7efee10054 Binary Packages Size: MD5 bind-9.2.3-14.i586.rpm 371356 eed32b69f3025d89451bce3a1329faf9 bind-chroot-9.2.3-14.i586.rpm 9993 778168acba2cc97df52c95101b61503e bind-libs-9.2.3-14.i586.rpm 417545 72d7c9ba88309786de20cebfd9d87b5d bind-utils-9.2.3-14.i586.rpm 96706 b3931f623dd7bad229f522594081e007 References: CVE [CVE-2008-0122] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0122 -------------------------------------------------------------------------- Revision History 07 Feb 2008 Initial release -------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iEYEARECAAYFAkeqtbAACgkQK0LzjOqIJMzOAgCgjLUSDT1VUNN9XAUVI/Itxsw1 /9wAnREj16G0WWM68GM9CmyGRodWc7EE =fxsn -----END PGP SIGNATURE-----