(RHSA-2016:0459) Important: bind security update

2016-03-1600:00:00

access.redhat.com

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.97 High

EPSS

Percentile

99.6%

JSON

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND parsed signature records
for DNAME records. By sending a specially crafted query, a remote attacker
could use this flaw to cause named to crash. (CVE-2016-1286)

A denial of service flaw was found in the way BIND processed certain
control channel input. A remote attacker able to send a malformed packet to
the control channel could use this flaw to cause named to crash.
(CVE-2016-1285)

Red Hat would like to thank ISC for reporting these issues.

All bind users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.

OSVersionArchitecturePackageVersionFilename
RedHat7s390xbind-debuginfo< 9.9.4-29.el7_2.3bind-debuginfo-9.9.4-29.el7_2.3.s390x.rpm
RedHat7s390bind-debuginfo< 9.9.4-29.el7_2.3bind-debuginfo-9.9.4-29.el7_2.3.s390.rpm
RedHat5ppccaching-nameserver< 9.3.6-25.P1.el5_11.8caching-nameserver-9.3.6-25.P1.el5_11.8.ppc.rpm
RedHat6s390bind-debuginfo< 9.8.2-0.37.rc1.el6_7.7bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.s390.rpm
RedHat7x86_64bind-sdb< 9.9.4-29.el7_2.3bind-sdb-9.9.4-29.el7_2.3.x86_64.rpm
RedHat5ppc64bind-libs< 9.3.6-25.P1.el5_11.8bind-libs-9.3.6-25.P1.el5_11.8.ppc64.rpm
RedHat5s390xbind-chroot< 9.3.6-25.P1.el5_11.8bind-chroot-9.3.6-25.P1.el5_11.8.s390x.rpm
RedHat7x86_64bind-pkcs11-devel< 9.9.4-29.el7_2.3bind-pkcs11-devel-9.9.4-29.el7_2.3.x86_64.rpm
RedHat5ia64bind-sdb< 9.3.6-25.P1.el5_11.8bind-sdb-9.3.6-25.P1.el5_11.8.ia64.rpm
RedHat7ppcbind-lite-devel< 9.9.4-29.el7_2.3bind-lite-devel-9.9.4-29.el7_2.3.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	s390x	bind-debuginfo	< 9.9.4-29.el7_2.3	bind-debuginfo-9.9.4-29.el7_2.3.s390x.rpm
RedHat	7	s390	bind-debuginfo	< 9.9.4-29.el7_2.3	bind-debuginfo-9.9.4-29.el7_2.3.s390.rpm
RedHat	5	ppc	caching-nameserver	< 9.3.6-25.P1.el5_11.8	caching-nameserver-9.3.6-25.P1.el5_11.8.ppc.rpm
RedHat	6	s390	bind-debuginfo	< 9.8.2-0.37.rc1.el6_7.7	bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.s390.rpm
RedHat	7	x86_64	bind-sdb	< 9.9.4-29.el7_2.3	bind-sdb-9.9.4-29.el7_2.3.x86_64.rpm
RedHat	5	ppc64	bind-libs	< 9.3.6-25.P1.el5_11.8	bind-libs-9.3.6-25.P1.el5_11.8.ppc64.rpm
RedHat	5	s390x	bind-chroot	< 9.3.6-25.P1.el5_11.8	bind-chroot-9.3.6-25.P1.el5_11.8.s390x.rpm
RedHat	7	x86_64	bind-pkcs11-devel	< 9.9.4-29.el7_2.3	bind-pkcs11-devel-9.9.4-29.el7_2.3.x86_64.rpm
RedHat	5	ia64	bind-sdb	< 9.3.6-25.P1.el5_11.8	bind-sdb-9.3.6-25.P1.el5_11.8.ia64.rpm
RedHat	7	ppc	bind-lite-devel	< 9.9.4-29.el7_2.3	bind-lite-devel-9.9.4-29.el7_2.3.ppc.rpm