SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionThe DNS query id generation code in BIND9 is vulnerable to cryptographic analysis which provides a 1-in-8 change of guessing the next query ID for 50% of the query IDs, which could be used by a remote attacker to perform cache poisoning by an attacker (CVE-2007-2926).
As well, in BIND9 9.4.x, the default ACLs were note being correctly set, which could allow anyone to make recursive queries and/or query the cache contents (CVE-2007-2925).
This update provides packages which are patched to prevent these issues.
SolutionUpdate the affected bind, bind-devel and / or bind-utils packages.