Mandriva Linux Security Advisory : bind (MDVSA-2011:104)
Medium Nessus Plugin ID 54939
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been identified and fixed in ISC BIND :
Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets (CVE-2011-1910).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
The updated packages have been patched to correct this issue. For 2010.2 ISC BIND was upgraded to 9.7.3-P1 which is not vulnerable to this issue.
SolutionUpdate the affected packages.