bind security update

2015-07-2710:29:04

CentOS Project

lists.centos.org

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.157 Low

EPSS

Percentile

95.9%

JSON

CentOS Errata and Security Advisory CESA-2015:1471

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND performed DNSSEC validation. An attacker
able to make BIND (functioning as a DNS resolver with DNSSEC validation
enabled) resolve a name in an attacker-controlled domain could cause named
to exit unexpectedly with an assertion failure. (CVE-2015-4620)

Red Hat would like to thank ISC for reporting this issue.

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2015-July/028374.html

Affected packages:
bind
bind-chroot
bind-devel
bind-libs
bind-sdb
bind-utils

Upstream details at:
https://access.redhat.com/errata/RHSA-2015:1471

OSVersionArchitecturePackageVersionFilename
CentOS6i686bind< 9.8.2-0.37.rc1.el6_7.1bind-9.8.2-0.37.rc1.el6_7.1.i686.rpm
CentOS6i686bind-chroot< 9.8.2-0.37.rc1.el6_7.1bind-chroot-9.8.2-0.37.rc1.el6_7.1.i686.rpm
CentOS6i686bind-devel< 9.8.2-0.37.rc1.el6_7.1bind-devel-9.8.2-0.37.rc1.el6_7.1.i686.rpm
CentOS6i686bind-libs< 9.8.2-0.37.rc1.el6_7.1bind-libs-9.8.2-0.37.rc1.el6_7.1.i686.rpm
CentOS6i686bind-sdb< 9.8.2-0.37.rc1.el6_7.1bind-sdb-9.8.2-0.37.rc1.el6_7.1.i686.rpm
CentOS6i686bind-utils< 9.8.2-0.37.rc1.el6_7.1bind-utils-9.8.2-0.37.rc1.el6_7.1.i686.rpm
CentOS6x86_64bind< 9.8.2-0.37.rc1.el6_7.1bind-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
CentOS6x86_64bind-chroot< 9.8.2-0.37.rc1.el6_7.1bind-chroot-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
CentOS6i686bind-devel< 9.8.2-0.37.rc1.el6_7.1bind-devel-9.8.2-0.37.rc1.el6_7.1.i686.rpm
CentOS6x86_64bind-devel< 9.8.2-0.37.rc1.el6_7.1bind-devel-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	6	i686	bind	< 9.8.2-0.37.rc1.el6_7.1	bind-9.8.2-0.37.rc1.el6_7.1.i686.rpm
CentOS	6	i686	bind-chroot	< 9.8.2-0.37.rc1.el6_7.1	bind-chroot-9.8.2-0.37.rc1.el6_7.1.i686.rpm
CentOS	6	i686	bind-devel	< 9.8.2-0.37.rc1.el6_7.1	bind-devel-9.8.2-0.37.rc1.el6_7.1.i686.rpm
CentOS	6	i686	bind-libs	< 9.8.2-0.37.rc1.el6_7.1	bind-libs-9.8.2-0.37.rc1.el6_7.1.i686.rpm
CentOS	6	i686	bind-sdb	< 9.8.2-0.37.rc1.el6_7.1	bind-sdb-9.8.2-0.37.rc1.el6_7.1.i686.rpm
CentOS	6	i686	bind-utils	< 9.8.2-0.37.rc1.el6_7.1	bind-utils-9.8.2-0.37.rc1.el6_7.1.i686.rpm
CentOS	6	x86_64	bind	< 9.8.2-0.37.rc1.el6_7.1	bind-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
CentOS	6	x86_64	bind-chroot	< 9.8.2-0.37.rc1.el6_7.1	bind-chroot-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
CentOS	6	i686	bind-devel	< 9.8.2-0.37.rc1.el6_7.1	bind-devel-9.8.2-0.37.rc1.el6_7.1.i686.rpm
CentOS	6	x86_64	bind-devel	< 9.8.2-0.37.rc1.el6_7.1	bind-devel-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm