(RHSA-2009:1179) Important: bind security update

2009-07-2900:00:00

access.redhat.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.965 High

EPSS

Percentile

99.5%

JSON

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handles dynamic update message packets
containing the “ANY” record type. A remote attacker could use this flaw to
send a specially-crafted dynamic update packet that could cause named to
exit with an assertion failure. (CVE-2009-0696)

Note: even if named is not configured for dynamic updates, receiving such
a specially-crafted dynamic update packet could still cause named to exit
unexpectedly.

All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

OSVersionArchitecturePackageVersionFilename
RedHat5s390xbind-utils< 9.3.4-10.P1.el5_3.2bind-utils-9.3.4-10.P1.el5_3.2.s390x.rpm
RedHat5i386caching-nameserver< 9.3.4-10.P1.el5_3.2caching-nameserver-9.3.4-10.P1.el5_3.2.i386.rpm
RedHat5s390xbind-utils< 9.3.4-10.P1.el5_3.3bind-utils-9.3.4-10.P1.el5_3.3.s390x.rpm
RedHat5x86_64bind-devel< 9.3.4-10.P1.el5_3.2bind-devel-9.3.4-10.P1.el5_3.2.x86_64.rpm
RedHat5s390xbind-libbind-devel< 9.3.4-10.P1.el5_3.3bind-libbind-devel-9.3.4-10.P1.el5_3.3.s390x.rpm
RedHat5i386bind-chroot< 9.3.4-10.P1.el5_3.3bind-chroot-9.3.4-10.P1.el5_3.3.i386.rpm
RedHat5s390xbind< 9.3.4-10.P1.el5_3.3bind-9.3.4-10.P1.el5_3.3.s390x.rpm
RedHat5ia64bind-chroot< 9.3.4-10.P1.el5_3.2bind-chroot-9.3.4-10.P1.el5_3.2.ia64.rpm
RedHat5i386bind-utils< 9.3.4-10.P1.el5_3.3bind-utils-9.3.4-10.P1.el5_3.3.i386.rpm
RedHat5ppcbind-chroot< 9.3.4-10.P1.el5_3.2bind-chroot-9.3.4-10.P1.el5_3.2.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	s390x	bind-utils	< 9.3.4-10.P1.el5_3.2	bind-utils-9.3.4-10.P1.el5_3.2.s390x.rpm
RedHat	5	i386	caching-nameserver	< 9.3.4-10.P1.el5_3.2	caching-nameserver-9.3.4-10.P1.el5_3.2.i386.rpm
RedHat	5	s390x	bind-utils	< 9.3.4-10.P1.el5_3.3	bind-utils-9.3.4-10.P1.el5_3.3.s390x.rpm
RedHat	5	x86_64	bind-devel	< 9.3.4-10.P1.el5_3.2	bind-devel-9.3.4-10.P1.el5_3.2.x86_64.rpm
RedHat	5	s390x	bind-libbind-devel	< 9.3.4-10.P1.el5_3.3	bind-libbind-devel-9.3.4-10.P1.el5_3.3.s390x.rpm
RedHat	5	i386	bind-chroot	< 9.3.4-10.P1.el5_3.3	bind-chroot-9.3.4-10.P1.el5_3.3.i386.rpm
RedHat	5	s390x	bind	< 9.3.4-10.P1.el5_3.3	bind-9.3.4-10.P1.el5_3.3.s390x.rpm
RedHat	5	ia64	bind-chroot	< 9.3.4-10.P1.el5_3.2	bind-chroot-9.3.4-10.P1.el5_3.2.ia64.rpm
RedHat	5	i386	bind-utils	< 9.3.4-10.P1.el5_3.3	bind-utils-9.3.4-10.P1.el5_3.3.i386.rpm
RedHat	5	ppc	bind-chroot	< 9.3.4-10.P1.el5_3.2	bind-chroot-9.3.4-10.P1.el5_3.2.ppc.rpm