SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionSome vulnerabilities were discovered and corrected in bind :
Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO). (CVE-2009-4022).
Additionally BIND has been upgraded to the latest point release or closest supported version by ISC.
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
SolutionUpdate the affected bind, bind-devel and / or bind-utils packages.
File Name: mandriva_MDVSA-2009-313.nasl
CPE: p-cpe:/a:mandriva:linux:bind, p-cpe:/a:mandriva:linux:bind-devel, p-cpe:/a:mandriva:linux:bind-utils, cpe:/o:mandriva:linux:2008.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 12/3/2009