Software Engineering Institute

Notified:  October 21, 2003 Updated: December 11, 2003

Status

Affected

Vendor Statement

Mac OS X 10.3 and later: Not Vulnerable. Mac OS X 10.3 uses a later version of BIND that does not have this vulnerability.

Mac OS X 10.2.x: Recommend upgrading to Mac OS X 10.2.8, then installing BIND 8.4.3 as follows:

First install the Developer Tools if they are not already present, then perform the following steps from the command-line in an application such as Terminal:

1. Download BIND version 8.4.3 by executing the following command:
curl -O ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-src.tar.gz

2. Verify the integrity of this file by typing:
cksum bind-src.tar.gz
which should indicate "3224691664 1438439 bind-src.tar.gz"

3. Unpack the distribution as follows:
tar xvzf bind-src.tar.gz

4. Now you're ready to start building the distribution.
cd to the src/ directory and type "make"

5. The next step will install the new named daemon:
sudo cp bin/named/named /usr/sbin/

6. Reboot

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  October 21, 2003 Updated: December 01, 2003

Status

Affected

Vendor Statement

Please see ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:19.bind.asc

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-03:19.bind                                       Security Advisory
The FreeBSD Project

Topic:          bind8 negative cache poison attack

Category:       contrib
Module:         contrib_bind
Announced:      2003-11-28
Credits:        Internet Software Consortium
Affects:        FreeBSD versions through 4.9-RELEASE and 5.1-RELEASE
4-STABLE prior to the correction date
Corrected:      2003-11-28 22:13:47 UTC (RELENG_4, 4.9-STABLE)
2003-11-27 00:54:53 UTC (RELENG_5_1, 5.1-RELEASE-p11)
2003-11-27 16:54:01 UTC (RELENG_5_0, 5.0-RELEASE-p19)
2003-11-27 00:56:06 UTC (RELENG_4_9, 4.9-RELEASE-p1)
2003-11-27 16:34:22 UTC (RELENG_4_8, 4.8-RELEASE-p14)
2003-11-27 16:35:06 UTC (RELENG_4_7, 4.7-RELEASE-p24)
2003-11-27 16:37:00 UTC (RELENG_4_6, 4.6.2-RELEASE-p27)
2003-11-27 16:38:36 UTC (RELENG_4_5, 4.5-RELEASE-p37)
2003-11-27 16:40:03 UTC (RELENG_4_4, 4.4-RELEASE-p47)
CVE Name:       CAN-2003-0914
FreeBSD only:   NO

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.

I.   Background

BIND 8 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is the Internet domain name server.

II.  Problem Description

A programming error in BIND 8 named can result in a DNS message being
incorrectly cached as a negative response.

III. Impact

An attacker may arrange for malicious DNS messages to be delivered
to a target name server, and cause that name server to cache a
negative response for some target domain name.  The name server would
thereafter respond negatively to legitimate queries for that domain
name, resulting in a denial-of-service for applications that require
DNS.  Almost all Internet applications require DNS, such as the Web,
email, and chat networks.

IV.  Workaround

No workaround is known.

V.   Solution

Do one of the following:

1) Upgrade your vulnerable system to 4.9-STABLE; or to the RELENG_5_1,
RELENG_4_9, RELENG_4_8, or RELENG_4_7 security branch dated after the
correction date.

2) To patch your present system:

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 4.9 and -STABLE systems]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch.asc

[FreeBSD 4.8 and 5.1 systems]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch.asc

[FreeBSD 4.4, 4.5, 4.6, 4.7, and 5.0 systems]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libbind
# make obj && make depend && make
# cd /usr/src/lib/libisc
# make obj && make depend && make
# cd /usr/src/usr.sbin/named
# make obj && make depend && make && make install
# cd /usr/src/libexec/named-xfer
# make obj && make depend && make && make install

After upgrading or patching your system, you must restart named.
Execute the following command as root:

# ndc restart

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                                           Revision
Path
- -------------------------------------------------------------------------
RELENG_4
src/contrib/bind/CHANGES                                   1.1.1.7.2.11
src/contrib/bind/README                                     1.1.1.7.2.9
src/contrib/bind/Version                                   1.1.1.3.2.10
src/contrib/bind/bin/named-xfer/named-xfer.c                    1.3.2.8
src/contrib/bind/bin/named/Makefile                             1.3.2.6
src/contrib/bind/bin/named/ns_init.c                        1.1.1.2.2.6
src/contrib/bind/bin/named/ns_resp.c                       1.1.1.2.2.11
src/contrib/bind/bin/nslookup/commands.l                        1.4.2.5
src/contrib/bind/bin/nslookup/debug.c                           1.3.2.6
src/contrib/bind/bin/nslookup/getinfo.c                         1.3.2.9
src/contrib/bind/bin/nslookup/main.c                            1.3.2.7
src/contrib/bind/doc/man/dig.1                                  1.3.2.4
src/contrib/bind/doc/man/host.1                                 1.3.2.5
src/contrib/bind/doc/man/nslookup.8                             1.2.2.5
src/contrib/bind/port/freebsd/include/port_after.h              1.6.2.9
src/contrib/bind/port/freebsd/include/port_before.h         1.1.1.2.2.6
RELENG_5_1
src/UPDATING                                                 1.251.2.13
src/sys/conf/newvers.sh                                       1.50.2.13
src/contrib/bind/Version                                   1.1.1.11.2.1
src/contrib/bind/bin/named/ns_resp.c                       1.1.1.11.2.1
RELENG_5_0
src/UPDATING                                                 1.229.2.25
src/sys/conf/newvers.sh                                       1.48.2.20
src/contrib/bind/Version                                   1.1.1.10.2.1
src/contrib/bind/bin/named/ns_resp.c                       1.1.1.10.2.1
RELENG_4_9
src/UPDATING                                              1.73.2.89.2.2
src/sys/conf/newvers.sh                                   1.44.2.32.2.2
src/contrib/bind/Version                                1.1.1.3.2.9.2.1
src/contrib/bind/bin/named/ns_resp.c                   1.1.1.2.2.10.2.1
RELENG_4_8
src/UPDATING                                             1.73.2.80.2.16
src/sys/conf/newvers.sh                                  1.44.2.29.2.15
src/contrib/bind/Version                                1.1.1.3.2.8.2.1
src/contrib/bind/bin/named/ns_resp.c                    1.1.1.2.2.9.2.1
RELENG_4_7
src/UPDATING                                             1.73.2.74.2.27
src/sys/conf/newvers.sh                                  1.44.2.26.2.26
src/contrib/bind/Version                                1.1.1.3.2.7.2.1
src/contrib/bind/bin/named/ns_resp.c                    1.1.1.2.2.7.2.2
RELENG_4_6
src/UPDATING                                             1.73.2.68.2.56
src/sys/conf/newvers.sh                                  1.44.2.23.2.44
src/contrib/bind/Version                                1.1.1.3.2.6.2.2
src/contrib/bind/bin/named/ns_resp.c                    1.1.1.2.2.6.2.3
RELENG_4_5
src/UPDATING                                             1.73.2.50.2.54
src/sys/conf/newvers.sh                                  1.44.2.20.2.38
src/contrib/bind/Version                                1.1.1.3.2.4.4.2
src/contrib/bind/bin/named/ns_resp.c                    1.1.1.2.2.4.4.3
RELENG_4_4
src/UPDATING                                             1.73.2.43.2.55
src/sys/conf/newvers.sh                                  1.44.2.17.2.46
src/contrib/bind/Version                                1.1.1.3.2.4.2.2
src/contrib/bind/bin/named/ns_resp.c                    1.1.1.2.2.4.2.3
- -------------------------------------------------------------------------

VII. References

<URL:http://www.kb.cert.org/vuls/id/734644>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/x8/PFdaIBMps37IRAsl8AJ9zgqn4QmO08d9zj9de8/uGKIQBNgCfeHKC
tM9nSOzoCrM+O+TpNn6ewt4=
=PJi2
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  October 21, 2003 Updated: December 03, 2003

Status

Affected

Vendor Statement

Document ID:  HPSBUX0311-303
Date Loaded:  20031130

Title:  SSRT3653 Bind 8.1.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----------------------------------------------------------------
Source: HEWLETT-PACKARD COMPANY
SECURITY BULLETIN: HPSBUX0311-303
Originally issued: 30 November 2003
SSRT3653 Bind 8.1.2
-----------------------------------------------------------------

NOTICE: There are no restrictions for distribution of this
Bulletin provided that it remains complete and intact.

The information in the following Security Bulletin should be
acted upon as soon as possible.  Hewlett-Packard Company will
not be liable for any consequences to any customer resulting
from customer's failure to fully implement instructions in this
Security Bulletin as soon as possible.

-----------------------------------------------------------------

PROBLEM: Potential security vulnerability in Bind 8.1.2.

PLATFORM: HP-UX B.11.00 and B.11.11.

IMPACT: Potential remotely exploitable denial of service.

SOLUTION: Until a product upgrade is available, download and
install appropriate preliminary updates or upgrade
to Bind 9.2.0.

B.11.11 - Install the preliminary depot:
SSRT3653UX.depot.
B.11.00 - A Bind 8.1.2 upgrade is available from
the ftp site listed below.

The issue can be avoided by upgrading to
Bind 9.2.0 which is available now.  The security
bulletin HPSBUX0208-209 has details about required
revisions of Bind 9.2.0 for B.11.00 and B.11.11.

MANUAL ACTIONS: Yes - NonUpdate
B.11.11 - Install SSRT3653UX.depot.
or upgrade to Bind 9.2.0.
B.11.00 - Upgrade to Bind 9.2.0 or
install BIND812v005.depot.

AVAILABILITY:  This bulletin will be revised when a patch
is available for B.11.11.

-----------------------------------------------------------------
A. Background
The potential for a remotely exploitable denial of service
exists in Bind 8.1.2.

AFFECTED VERSIONS

The following is a list by HP-UX revision of
affected filesets and the fileset revision or
patch containing the fix.  To determine if a
system has an affected version, search the
output of "swlist -a revision -l fileset"
for an affected fileset, then determine if
a fixed revision or the applicable patch is
installed.

HP-UX B.11.11
=============
InternetSrvcs.INETSVCS-RUN
fix: install SSRT3653UX.depot or
upgrade to Bind 9.2.0.

HP-UX B.11.00
=============
BINDv812.INETSVCS-BIND
fix: upgrade to BIND-812 revision B.11.00.01.005 or
upgrade to Bind 9.2.0.

END AFFECTED VERSIONS

B. Recommended solution

Note:
The issue can be avoided by upgrading to
Bind 9.2.0 which is available now.  The security
bulletin HPSBUX0208-209 has details about required
revisions of Bind 9.2.0 for B.11.00 and B.11.11.

HP-UX B.11.00 Bind 8.1.2
========================
BIND812 for B.11.00 has been discontinued.  It will
become obsolete by the end of March, 2004.  A new
version of BIND812 for B.11.00 has been created to
address the issue of this bulletin.  However, it is
recommended that customers upgrade to Bind 9.2.0 now.
More details can be found here:

<http://software.hp.com/portal/swdepot/
displayProductInfo.do?productNumber=BIND812>

The new version of BIND812 for B.11.00 is available from
the ftp site listed below.  Since BIND812 for B.11.00 has
been discontinued, this version will not be available
from software.hp.com.

HP-UX B.11.11 Bind 8.1.2
========================

Until a patch is available a temporary depot has been created
to install a version of /usr/sbin/named which addresses the
issue.  The depot is available from the ftp site listed
below.  The depot will not install the new named file unless
PHNE_28450 has been installed first.  PHNE_28450 is available
from <http://itrc.hp.com>.

=========================================================

For B.11.00 download BIND812v005.depot from the
following ftp site.

For B.11.11 download SSRT3653UX.depot from the
following ftp site.

System:    hprc.external.hp.com  (192.170.19.51)
Login:     bind812
Password:  bind812

FTP Access: ftp://bind:bind1@hprc.external.hp.com/
or: ftp://bind:bind1@192.170.19.51/
For B.11.11 - file: SSRT3653UX.depot
For B.11.00 - file: BIND812v005.depot

Note: There is an ftp defect in IE5 that may result in
a browser hang.  To work around this:
- Select Tools -> Internet Options -> Advanced
- Un-check the option:
[ ] Enable folder view for FTP sites

If you wish to verify the md5 sum please refer to:

HPSBUX9408-016
Patch sums and the MD5 program

For B11.00 - BIND812v005.depot
cksum: 1413515727 1239040 BIND812v005.depot
MD5 (BIND812v005.depot) = 333920fa1b74820bee15f2287bacc3c2

For B.11.11 - SSRT3653UX.depot
cksum: 509054485 389120 SSRT3653UX.depot
MD5 (SSRT3653UX.depot) = ee96c169ec3712d5907b7fe983d108dc

For B.11.00 - Install BIND812v005.depot using swinstall.

For B.11.11 - Install SSRT3653UX.depot using swinstall
after PHNE_28450 has been installed.

Further information is available in the readme file:
cd <directory containing SSRT3653UX.depot>
swlist -d -l product -a readme @ $PWD/SSRT3653UX.depot


- ------------------------------------------------------------------

C. To subscribe to automatically receive future NEW HP Security
Bulletins from the HP IT Resource Center via electronic
mail, do the following:

Use your browser to get to the HP IT Resource Center page
at:

http://itrc.hp.com

Use the 'Login' tab at the left side of the screen to login
using your ID and password.  Use your existing login or the
"Register" button at the left to create a login, in order to
gain access to many areas of the ITRC.  Remember to save the
User ID assigned to you, and your password.

In the left most frame select "Maintenance and Support".

Under the "Notifications" section (near the bottom of
the page), select "Support Information Digests".

To -subscribe- to future HP Security Bulletins or other
Technical Digests, click the check box (in the left column)
for the appropriate digest and then click the "Update
Subscriptions" button at the bottom of the page.

or

To -review- bulletins already released, select the link
(in the middle column) for the appropriate digest.

To -gain access- to the Security Patch Matrix, select
the link for "The Security Bulletins Archive".  (near the
bottom of the page)  Once in the archive the third link is
to the current Security Patch Matrix. Updated daily, this
matrix categorizes security patches by platform/OS release,
and by bulletin topic.  Security Patch Check completely
automates the process of reviewing the patch matrix for
11.XX systems.

For information on the Security Patch Check tool, see:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/
displayProductInfo.pl?productNumber=B6834AA

The security patch matrix is also available via anonymous
ftp:

ftp://ftp.itrc.hp.com/export/patches/hp-ux_patch_matrix/

On the "Support Information Digest Main" page:
click on the "HP Security Bulletin Archive".

D. To report new security vulnerabilities, send email to

security-alert@hp.com

Please encrypt any exploit information using the
security-alert PGP key, available from your local key
server, or by sending a message with a -subject- (not body)
of 'get key' (no quotes) to security-alert@hp.com.

----------------------------------------------------------------

(c) Copyright 2003 Hewlett-Packard Company
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
in this document is subject to change without notice.
Hewlett-Packard Company and the names of HP products referenced
herein are trademarks and/or service marks of Hewlett-Packard
Company.  Other product and company names mentioned herein may be
trademarks and/or service marks of their respective owners.

________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP8oPruAfOvwtKn1ZEQJTlwCg2y1qe8rZiKbUPHuCPkFbIIhVaPkAnja2
/Nbi2zNFnmk0FQ0mtBxKx48U
=L5yo
-----END PGP SIGNATURE-----
-----End of Document ID: HPSBUX0311-303--------------------------------------

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  October 21, 2003 Updated: December 03, 2003

Status

Affected

Vendor Statement

The AIX operating system is vulnerable to the BIND8 cache poisoning attack in releases 4.3.3, 5.1.0 and 5.2.0 . The APAR's for this fix and their availablity are listed below.

APAR number for AIX 4.3.3: IY49899 (available 2/25/2004)
APAR number for AIX 5.1.0: IY49881 (available)
APAR number for AIX 5.2.0: IY49883 (available 12/24/2003)

These APARs can be downloaded by following the link for IBM's Fix Central at:

http://www-1.ibm.com/servers/eserver/support/eseries/fixes

ftp://aix.software.ibm.com/aix/efixes/security/dns_poison_efix.tar.Z

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

IBM has published APAR IY49881 regarding this vulnerability. For more information, please see:

Notified:  September 04, 2003 Updated: December 01, 2003

Status

Affected

Vendor Statement

  Internet Software Consortium Security Advisory.
         Negative Cache Poison Attack

           4 September 2003

    Versions affected:
   BIND 8 prior to 8.3.7
   BIND 8.4.3 Release (8.4.3-REL)

BIND 8.4.3 is a maintenance release of BIND 8.4.  It includes the BIND 8.4.2
release which includes a security fix (also released as BIND 8.3.7).

Highlights.
Maintenance Release.

Highlights (8.4.2)
Security Fix: Negative Cache Poison Fix.

the distribution files are:

ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-src.tar.gz
Ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-doc.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-contrib.tar.gz

the pgp signature files are:

ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-src.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-doc.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-contrib.tar.gz.asc

the md5 checksums are:


MD5 (bind-contrib.tar.gz) = 454f8e3caf1610941a656fcc17e1ecec
MD5 (bind-contrib.tar.gz.asc) = f8f0a5b8985a8180e5bd02207f319980
MD5 (bind-doc.tar.gz) = fcfdaaa2fc7d6485b0e3d08299948bd3
MD5 (bind-doc.tar.gz.asc) = fc0671468c2e3a1e5ff817b69da21a6b
MD5 (bind-src.tar.gz) = e78610fc1663cfe8c2db6a2d132d902b
MD5 (bind-src.tar.gz.asc) = 40453b40819fd940ad4bfabd26425619

Windows NT / Windows 2000 binary distribution.

ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/readme1st.txt
ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3.zip
ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3.zip.asc

ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/readme1sttools.txt
ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3Tools.zip
ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3Tools.zip.asc

the md5 checksums are:

MD5 (readme1st.txt) = ac4ce260f151dc1ab393c145f4288bba
MD5 (BIND8.4.3.zip) = 7c3e333f90edbe3820952a62ff6ffdf3
MD5 (BIND8.4.3.zip.asc) = f2190cc390ce584c0cc624835bdcc8eb

MD5 (readme1sttools.txt) = eef4c5782be1a1faac3ca0c756eaef05
MD5 (BIND8.4.3Tools.zip) = 8cb29c092394dfa430ef9ea47b6a02ea
MD5 (BIND8.4.3Tools.zip.asc) = a77b2adb1f23db780f45efee32a92882

top of CHANGES says:

--- 8.4.3 released --- (Mon Nov 24 17:27:52 PST 2003)

1617.[cleanup]don't pre-fetch missing additional address records if
we have one of A/AAAA.

1616.[func]turn on "preferred-glue A;" (if not specified in
named.conf) if the answer space is a standard UDP
message size or smaller.

1615.[func]when query logging log whether TSIG (T) and/or EDNS (E)
was used to make the query.

1614.[cleanup]on dual (IPv4+IPv6) stack servers delay the lookup of
missing glue if we have glue for one family.

1613.[cleanup]notify: don't lookup A/AAAA records for nameservers
if we don't support the address at the transport level.

1612.[func]named now takes arguements -4 and -6 to limit the
IP transport used for making queries.

1611.[debug]better packet tracing in debug output (+ some lint).

1610.[bug]don't explictly declare errno use <errno.h>.

1609.[bug]drop_port() was being called with ports in network
order rather than host order.

1608.[port]sun: force alignment of answer in dig.c.

1607.[bug]do not attempt to prime cache when recursion and
fetch-glue are disabled.

1606.[bug]sysquery duplicate detection was broken when
using forwarders.

1605.[port]sun: force alignment of newmsg in ns_resp.c.

1604.[bug]heap_delete() sometimes violated the heap invariant,
causing timer events not to be posted when due.

1603.[port]ds_remove_gen() mishandled removal IPv6 interfaces.

1602.[port]linux: work around a non-standard __P macro.

1601.[bug]dig could report the wrong server address on transfers.

1600.[bug]debug_freestr() prototype mismatch.

1599.[bug]res_nsearch() save statp->res_h_errno instead of
h_errno.

1598.[bug]dprint_ip_match_list() fails to print the mask
correctly.

1597.[bug]use the actual presentation length of the IP address
to determine if sprintf() is safe in write_tsig_info().

--- 8.4.2 released --- (Thu Sep  4 06:58:22 PDT 2003)

1596.[port]winnt: set USELOOPBACK in port_after.h

1595.[bug]dig: strcat used instead of strcpy.

1594.[bug]if only a single nameserver was listed in resolv.conf
IPv6 default server was also being used.

1593.[port]irix: update port/irix/irix_patch.

1592.[port]irix: provide a sysctl() based getifaddrs()
implementation.

1591.[port]irix: sa_len is a macro.

1590.[port]irix: doesn't have msg_control (NO_MSG_CONTROL)

1589.[port]linux: uninitalised variable.

1588.[port]solaris: provide ALIGN.

1587.[port]NGR_R_END_RESULT was not correct for some ports.

1586.[port]winnt: revert to old socket behaviour for UDP
sockets (Windows 2000 SP2 and later).

1585.[port]solaris: named-xfer needs <fcntl.h>.

1584.[port]bsdos: explictly include <netinet6/in6.h> for
4.0 and 4.1.

1583.[bug]add -X to named-xfer usage message.

1582.[bug]ns_ownercontext() failed to set the correct owner
context for AAAA records. ns_ptrcontext() failed
to return the correct context for IP6.ARPA.

1581.[bug]apply anti-cache poison techniques to negative
answers.

1580.[bug]inet_net_pton() didn't fully handle implicit
multicast IPv4 network addresses.

1579.[bug]ifa_addr can be NULL.

1578.[bug]named-xfer: wrong arguement passed to getnameinfo().

1577.   [func]          return referrals for glue (NS/A/AAAA) if recursion
is not desired (hp->rd = 0).

1576.[bug]res_nsendsigned() incorrectly printed the truncated
UDP response when RES_IGNTC was not set.

1575.[bug]tcp_send() passed the wrong length to evConnect().

1574.[bug]res_nsendsigned() failed to handle truncation
cleanly.

1573.[bug]tsig_size was not being copied by ns_forw().

1572.[port]bsdos: missing #include <ifaddrs.h>.

1571.[bug]AA was sometimes incorrectly set.

1570.[port]decunix: change #1544 broke OSF1 3.2C.

1569.[bug]remove extraneous closes.

1568.[cleanup]reduce the memory footprint for large numbers of
zones.

1567.[port]winnt: install MSVC70.DLL and MFC70.DLL.

1566.[bug]named failed to locate keys declared in masters
clause.

1565.[bug]named-xfer was failing to use TSIG.

1564.[port]linux: allow static linkage to work.

1563.[bug]ndc getargs_closure failed to NUL terminate strings.

1562.[bug]handle non-responsive servers better.

1561.[bug]rtt estimates were not being updated for IPv6
addresses.

1560.[port]linux: add runtime support to handle old kernels
that don't know about msg_control.

1559.[port]named, named-xfer: ensure that stdin, stdout and
stderr are open.

--- 8.4.1-P1 released --- (Sun Jun 15 17:35:10 PDT 2003)

1558.[port]sunos4 doesn't have msg_control (NO_MSG_CONTROL).

1557.[port]linux: socket returns EINVAL for unsupported family.

1556.[bug]reference through NULL pointer.

1555.[bug]sortlist wasn't being applied to AAAA queries.

1554.[bug]IPv4 access list elements of the form number/number
(e.g. 127/8)  were not correctly defined.

1553.[bug]getifaddrs*() failed to set ifa_dstaddr for point
to point links (overwrote ifa_addr).

1552.[bug]buffer overruns in getifaddrs*() if the server has
point to point links.

1551.[port]freebsd: USE_IFNAMELINKIDS should be conditionally
defined.

1550.[port]TruCluster support didn't build.

1549.[port]Solaris 9 has /dev/random.

--- 8.4.1-REL released --- (Sun Jun  8 15:11:32 PDT 2003)

1548.[port]winnt: make recv visible from libbind.

1547.[port]cope with spurious EINVAL from evRead.

1546.[cleanup]dig now reports version 8.4.

1545.[bug]getifaddrs_sun6 was broken.

1544.[port]hpux 10.20 has a broken recvfrom().  Revert to recv()
in named-xfer and work around deprecated recv() in
OSF.

1543.[bug]named failed to send notifies to servers that live
in zones it was authoritative for.

1542.[bug]set IPV6_USE_MIN_MTU on IPv6 sockets if the kernel
supports it.

1541.[bug]getifaddrs_sun6() should be a no-op on early SunOS
releases.

--- 8.4.0-REL released --- (Sun Jun  1 17:49:31 PDT 2003)
BIND 8.3.7 Release

BIND 8.3.7 is a security release of BIND 8.3.  This is expected to
be the last release of BIND 8.3 except for security issues.

The recommended version to use is BIND 9.2.3.  If for whatever
reason you must run BIND 8, use nothing earlier than 8.3.7-REL,
8.4.2-REL.  Do not under any circumstances run BIND 4.

Highlights vs. 8.3.6
Security Fix: Negative Cache Poison Fix.

Highlights vs. 8.3.5
Maintenance release.

Highlights vs. 8.3.4
Maintenance release.

Highlights vs. 8.3.3
Security Fix DoS and buffer overrun.

Highlights vs. 8.3.2
Security Fix libbind. All applications linked against libbind
need to re-linked.
'rndc restart' now preserves named's arguments

Highlights vs. BIND 8.3.1:
dig, nslookup, host and nsupdate have improved IPv6 support.

Highlights vs. BIND 8.3.0:

Critical bug fix to prevent DNS storms. If you have BIND 8.3.0 you
need to upgrade.

the distribution files are:

ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-src.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-doc.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-contrib.tar.gz

the pgp signature files are:

ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-src.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-doc.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-contrib.tar.gz.asc

the md5 checksums are:

MD5 (bind-contrib.tar.gz) = 89009ee8d937cd652a77742644772023
MD5 (bind-contrib.tar.gz.asc) = 3b91ed818771d21aa37c3ecc4685ba9d
MD5 (bind-doc.tar.gz) = b7ccbde30d8c43202eabf61a51366852
MD5 (bind-doc.tar.gz.asc) = 333f80ec3d12ef7fc27a19ba2f9a9be0
MD5 (bind-src.tar.gz) = 36cc1660eb7d73e872a1e5af6f832167
MD5 (bind-src.tar.gz.asc) = 50a45b11e12441142d6eac423c5d01c7

Windows NT / Windows 2000 binary distribution.

There will be no Windows binary release of BIND 8.3.7.
The current Windows binary release is BIND 8.4.3.

top of CHANGES says:

--- 8.3.7-REL released --- (Wed Sep  3 21:01:37 PDT 2003)

1581.[bug]apply anti-cache poison techniques to negative
answers.

--- 8.3.6-REL released --- (Sun Jun  8 15:11:32 PDT 2003)

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  October 21, 2003 Updated: November 17, 2003

Status

Affected

Vendor Statement

NetBSD (1.6, 1.6.1 and current) is shipping with vulnerable version of BIND 8. We will upgrade to either 8.3.7 or 8.4.2 as soon as ISC releases the info to the public. Or, users might want to use BIND 9 from pkgsrc.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  October 21, 2003 Updated: November 20, 2003

Status

Affected

Vendor Statement

The current versions of Nixu NameSurfer are not affected by this issue as they ship with BIND 9.2.2. However, as NameSurfer Suite and NameSurfer Standard Edition also support all the earlier versions of BIND, Nixu recommends that all organizations operating an existing Nixu NameSurfer installation upgrade their visible nameservers to BIND versions 9.2.1 or newer; BIND9 is compatible with NameSurfer versions 3.0.1 or newer.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  October 21, 2003 Updated: December 01, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SUSE Security Announcement

Package:                bind8
Announcement-ID:        SuSE-SA:2003:047
Date:                   Friday, Nov 28th 2003 15:30 MEST
Affected products:      7.3, 8.0, 8.1, 8.2
Vulnerability Type:     cache poisoning/denial-of-service
Severity (1-10):        5
SUSE default package:   yes
Cross References:       CAN-2003-0914

Content of this advisory:
1) security vulnerability resolved:
- caching negative answers
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds:
- ethereal
- KDE
- mc
- apache1/2
- gpg
- freeradius
- xscreensaver
- screen
- mod_gzip
- gnpan
3) standard appendix (further information)

______________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade information

To resolve IP addresses to host and domain names and vice versa the
DNS service needs to be consulted. The most popular DNS software is
the BIND8 and BIND9 suite. The BIND8 code is vulnerable to a remote
denial-of-service attack by poisoning the cache with authoritative
negative responses that should not be accepted otherwise.
To execute this attack a name-server needs to be under malicious
control and the victim's bind8 has to query this name-server.
The attacker can set a high TTL value to keep his negative record as
long as possible in the cache of the victim. For this time the clients
of the attacked site that rely on the bind8 service will not be able
to reach the domain specified in the negative record.
These records should disappear after the time-interval (TTL) elapsed.

There is no temporary workaround for this bug.

To make this update effective run "rcnamed restart" as root please.

Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Fhv file.rpm" to apply
the update.
Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.


Intel i386 Platform:

SuSE-8.2:
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/bind8-8.3.4-64.i586.rpm
3d44d46f0e8397c69d53e96aba9fbd6d
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/bind8-8.3.4-64.i586.patch.rpm
cce1df09a0b6fb5cbbddcc462f055c64
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/bind8-8.3.4-64.src.rpm
a980a0eca79de02f135fce1cbe84ee22

SuSE-8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/bind8-8.2.4-336.i586.rpm
4a46d0560eac1ca5de77c12f8abe4952
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/bind8-8.2.4-336.i586.patch.rpm
c8020302f6f161e9d86a3f1615304a23
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/bind8-8.2.4-336.src.rpm
c9ee184cbd1f1722c94de9fd66f11801

SuSE-8.0:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/bind8-8.2.4-334.i386.rpm
f739fdb03a7df6685e0aa026f98a0389
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/bind8-8.2.4-334.i386.patch.rpm
a3de26e06b689d29b4b4b08c04fa32f4
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/bind8-8.2.4-334.src.rpm
85d8d9fee3c8a029263777a45b4af011

SuSE-7.3:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/bind8-8.2.4-334.i386.rpm
381c2b6f805ca30d0fefc98afaee9ba0
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/bind8-8.2.4-334.src.rpm
97a87469cfb573bdd89f8f3a2c02264f



Sparc Platform:

SuSE-7.3:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/bind8-8.2.4-128.sparc.rpm
c08454b933ed2365d9d2ab1322803af6
source rpm(s):
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/bind8-8.2.4-128.src.rpm
827a7f56273c7a25ac40ffba728e9150



PPC Power PC Platform:

SuSE-7.3:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/bind8-8.2.4-243.ppc.rpm
12f1f205c08449e945c8ad344a8e3b41
source rpm(s):
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/bind8-8.2.4-243.src.rpm
177093e76b3b8d2679089a1ab1c46d0e

______________________________________________________________________________

2)  Pending vulnerabilities in SUSE Distributions and Workarounds:

- ethereal
A new official version of ethereal, a network traffic analyzer, was
released to fix various security-related problems.
An update package is currently being tested and will be released
as soon as possible.

- KDE
New KDE packages are currently being tested. These packages fixes
several vulnerabilities:
+ remote root compromise (CAN-2003-0690)
+ weak cookies (CAN-2003-0692)
+ SSL man-in-the-middle attack
+ information leak through HTML-referrer (CAN-2003-0459)
+ wrong file permissions of config files
The packages will be release as soon as testing is finished.

- mc
By using a special combination of links in archive-files it is possible
to execute arbitrary commands while mc tries to open it in its VFS.
The packages are currently tested and will be release as soon as
possible.

- apache1/2
The widely used HTTP server apache has several security vulnerabilities:
- locally exploitable buffer overflow in the regular expression code.
The attacker must be able to modify .htaccess or httpd.conf.
(affects: mod_alias and mod_rewrite)
- under some circumstances mod_cgid will output its data to the
wrong client (affects: apache2)
The new packages are available on our FTP servers.


- gpg
In GnuPG version 1.0.2 a new code for ElGamal was introduced.
This code leads to an attack on users who use ElGamal keys for
signing. It is possible to reconstruct the private ElGamal key
by analyzing a public ElGamal signature.
Please note that the ElGamal algorithm is seldomly used and GnuPG
displays several warnings when generating ElGamal signature keys.
The default key generation process in GnuPG will create a DSA signature
key and an ElGamal subkey for _encryption only_. These keys are not
affected by this vulnerability.
Anyone using ElGamal signature keys (type 20, check fourth field of
"gpg --list-keys --with-colon" output) should revoke them.

- freeradius
Two vulnerabilities were found in the FreeRADIUS package.
The remote denial-of-service attack bug was fixed and new packages
will be released as soon as testing was successfully finished.
The other bug is a remote buffer overflow in the module rlm_smb.
We do not ship this module and will fix it for future releases.

- xscreensaver
The well known screen-saver for X is vulnerable to several local
tmp file attacks as well as a crash when verifying a password.
Only SuSE Linux 9.0 products are affected.
The new packages are available on our FTP servers.

- screen
A buffer overflow in screen was reported. Since SuSE Linux 8.0
we do not ship screen with the s-bit anymore. An update package
will be released for 7.3 as soon as possible.

- mod_gzip
The apache module mod_gzip is vulnerable to remote code execution
while running in debug-mode. We do not ship this module in debug-mode
but future versions will include the fix.

- gnpan
A remote denial-of-service attack can be run against the GNOME
news-reader program gnpan. This bug affects SuSE Linux 8.0, 8.1, 8.2.
Update packages are available on our FTP servers.

______________________________________________________________________________

3)  standard appendix: authenticity verification, additional information

- Package authenticity verification:

SUSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.

1) execute the command
md5sum <name-of-the-file.rpm>
after you downloaded the file from a SUSE ftp server or its mirrors.
Then, compare the resulting md5sum with the one that is listed in the
announcement. Since the announcement containing the checksums is
cryptographically signed (usually using the key security@suse.de),
the checksums show proof of the authenticity of the package.
We disrecommend to subscribe to security lists which cause the
email message containing the announcement to be modified so that
the signature does not match after transport through the mailing
list software.
Downsides: You must be able to verify the authenticity of the
announcement in the first place. If RPM packages are being rebuilt
and a new version of a package is published on the ftp server, all
md5 sums for the files are useless.

2) rpm package signatures provide an easy way to verify the authenticity
of an rpm package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, where <file.rpm> is the
filename of the rpm package that you have downloaded. Of course,
package authenticity verification can only target an un-installed rpm
package file.
Prerequisites:
a) gpg is installed
b) The package is signed using a certain key. The public part of this
key must be installed by the gpg program in the directory
~/.gnupg/ under the user's home directory who performs the
signature verification (usually root). You can import the key
that is used by SUSE in rpm packages for SUSE Linux by saving
this announcement to a file ("announcement.txt") and
running the command (do "su -" to be root):
gpg --batch; gpg < announcement.txt | gpg --import
SUSE Linux distributions version 7.1 and thereafter install the
key "build@suse.de" upon installation or upgrade, provided that
the package gpg is installed. The file containing the public key
is placed at the top-level directory of the first CD (pubring.gpg)
and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .


- SUSE runs two security mailing lists to which any interested party may
subscribe:

suse-security@suse.com
-   general/linux/SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe@suse.com>.

suse-security-announce@suse.com
-   SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe@suse.com>.

For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info@suse.com> or
<suse-security-faq@suse.com> respectively.

=====================================================================
SUSE's security contact is <security@suse.com> or <security@suse.de>.
The <security@suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________

The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular,
it is desired that the clear-text signature shows proof of the
authenticity of the text.
SUSE Linux AG makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.

Type Bits/KeyID    Date       User ID
pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iQEVAwUBP8dgT3ey5gA9JdPZAQH5LQf+MA/cLvB14QAZFTXwtqB2tNpcotkmJyF8
oWbsWl7EnsF6hlR7tr3Hjk2bvpzE8yLShtckMvtVAy1Xj29fvWpHjtZM1TEfjWSk
XgxeJ4n5HvKMjyOYopNgdbdQCvcr8v4eWjVA9ekK/WXikIXRWsiN9PhT6c0NQxfA
tO7zHQYHhGwH4jae8aD6EPWJhc1sLzQMC4XCkFxIFlZouAtVr7rShDNUamKcaV63
5c1uhewBorqfD7o8x85OCXcAA9WEnEs7t/mJnHC0hLgYF259YxX3HtXrj18jnD8/
YvVnzfkQwDxRY3qALRjAfd05QGOGir75fSBCtofP2lDPg8igRFo8UQ==
=fX7r
-----END PGP SIGNATURE-----

Bye,
Thomas
--
Thomas Biege <thomas@suse.de>, SUSE LINUX AG, Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka"
Key fingerprint = 51 AD B9 C7 34 FC F2 54  01 4A 1C D4 66 64 09 83
--
... stay with me, safe and ignorant, go back to sleep...
- Maynard James Keenan

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.