Environment
Novell NetWare
Novell openSUSE
Novell SUSE Linux Enterprise
Novell Open Enterprise Server (NetWare based)
Novell Open Enterprise Server (Linux based)
ISC BIND
Novell openSUSE
Novell SUSE Linux Enterprise
Novell Open Enterprise Server (NetWare based)
Novell Open Enterprise Server (Linux based)
ISC BIND
Situation
On July 8th, 2008, CERT released Vulnerability Note VU#800113
regarding deficiencies in the DNS protocol and common DNS
implementations that facilitate DNS cache poisoning attacks. The Common
Vulnerabilities and Exposures (CVE) identifier for this issue is CVE-2008-1447.
Status - BIND packages on Linux (Last updated: 2008-07-11)
The BIND packages in Novell's Linux products were affected by this issue. Fixed packages have been released for SLES10 SP2, SLES10 SP1, SLES9 as well as for openSUSE 11.0, 10.3 and 10.2.
Status - novell-bind packages on OES2 (Last updated: 2008-07-26)
Open Enterprise Server 2 includes novell-bind which provides an eDirectory-integrated DNS server. Fixes for this issue were release July 25th, 2008, in novell-bind-9.3.2-52.3.i586.rpm& novell-bind-9.3.2-52.3.x86_64.rpm
Status - NetWare (Last updated: 2008-07-26)
Novell has identified that NetWare (all versions) is susceptible to the DNS cache poisoning security flaw. Fixes for this issue were included in named.nlm released July 25th, 2008.
Status - BIND packages on Linux (Last updated: 2008-07-11)
The BIND packages in Novell's Linux products were affected by this issue. Fixed packages have been released for SLES10 SP2, SLES10 SP1, SLES9 as well as for openSUSE 11.0, 10.3 and 10.2.
Status - novell-bind packages on OES2 (Last updated: 2008-07-26)
Open Enterprise Server 2 includes novell-bind which provides an eDirectory-integrated DNS server. Fixes for this issue were release July 25th, 2008, in novell-bind-9.3.2-52.3.i586.rpm& novell-bind-9.3.2-52.3.x86_64.rpm
Status - NetWare (Last updated: 2008-07-26)
Novell has identified that NetWare (all versions) is susceptible to the DNS cache poisoning security flaw. Fixes for this issue were included in named.nlm released July 25th, 2008.
Status
Security AlertTop Issue