BIND patch for Mandriva 2010.2

Yay, another security vulnerability in old software, this time in many versions of BIND.

  • CVE-2015-4620: …when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit)
  • CVE-2015-5477: …allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

The easiest way to patch Mandriva 2010.2 seemed to be to build the closest supported version of BIND: 9.9.7 P2 (Mandriva 2010.2 eventually updated to BIND 9.7.6). I took the 9.7.6 source RPM and updated it to 9.9.7 P2, keeping around as many of the patches as I could, and updating them from Mageia as necessary. It seems to work for me, but no guarantees.

BIND 9.9.7 P2 i586 x86-64
Mandriva 2010.2 bind-9.9.7-…i586.rpm
bind-debug-9.9.7-…i586.rpm
bind-devel-9.9.7-…i586.rpm
bind-doc-9.9.7-..i586.rpm
bind-utils-9.9.7-…i586.rpm
bind-9.9.7-…x86_64.rpm
bind-debug-9.9.7-…x86_64.rpm
bind-devel-9.9.7-…x86_64.rpm
bind-doc-9.9.7-…x86_64.rpm
bind-utils-9.9.7-…x86_64.rpm
Source RPM bind-9.9.7-0.0.P2.0.1mdv2010.2.src.rpm

Leave a Reply

  

  

  

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>