MDVSA-2009:037 -- Mandriva bindID: oval:org.secpod.oval:def:300481 | Date: (C)2012-01-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
Internet Systems Consortium BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. In this particular case the DSA_verify function was fixed with MDVSA-2009:002, this update does however address the RSA_verify function .
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2008.1 |
Mandriva Linux 2008.0 |