Security Advisory Important: bind security and bug fix update

Advisory: RHSA-2009:1180-1
Type: Security Advisory
Severity: Important
Issued on: 2009-07-29
Last updated on: 2009-07-29
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20091180.xml
CVEs (cve.mitre.org): CVE-2009-0696

Details

Updated bind packages that fix a security issue and a bug are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handles dynamic update message packets
containing the "ANY" record type. A remote attacker could use this flaw to
send a specially-crafted dynamic update packet that could cause named to
exit with an assertion failure. (CVE-2009-0696)

Note: even if named is not configured for dynamic updates, receiving such
a specially-crafted dynamic update packet could still cause named to exit
unexpectedly.

This update also fixes the following bug:

* when running on a system receiving a large number of (greater than 4,000)
DNS requests per second, the named DNS nameserver became unresponsive, and
the named service had to be restarted in order for it to continue serving
requests. This was caused by a deadlock occurring between two threads that
led to the inability of named to continue to service requests. This
deadlock has been resolved with these updated packages so that named no
longer becomes unresponsive under heavy load. (BZ#512668)

All BIND users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
bind-9.2.4-30.el4_8.4.src.rpm     fcc2e4c4bdb76884834bf16aa2c56f4a
 
IA-32:
bind-9.2.4-30.el4_8.4.i386.rpm     76e2e88985dc33bd6d2b3ad2eaf62d5d
bind-chroot-9.2.4-30.el4_8.4.i386.rpm     c08c47053abe215208c442fcf4941b3d
bind-devel-9.2.4-30.el4_8.4.i386.rpm     4abb0726ea9323a00f7d39b7418aa6e9
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-utils-9.2.4-30.el4_8.4.i386.rpm     1bd380c56a9614b298df4e4688c944bc
 
x86_64:
bind-9.2.4-30.el4_8.4.x86_64.rpm     9b793a972808642ff1956341b25dd49e
bind-chroot-9.2.4-30.el4_8.4.x86_64.rpm     1e7cd659960cd593599a9b6a9b1ea251
bind-devel-9.2.4-30.el4_8.4.x86_64.rpm     f58372fcd24ceb6d8986db96a4067f1b
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-libs-9.2.4-30.el4_8.4.x86_64.rpm     6d6ccbaeff87b33db3f2bc0c913b7d5a
bind-utils-9.2.4-30.el4_8.4.x86_64.rpm     e01d4de3e8393758af9b6f41149eae0b
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
bind-9.2.4-30.el4_8.4.src.rpm     fcc2e4c4bdb76884834bf16aa2c56f4a
 
IA-32:
bind-9.2.4-30.el4_8.4.i386.rpm     76e2e88985dc33bd6d2b3ad2eaf62d5d
bind-chroot-9.2.4-30.el4_8.4.i386.rpm     c08c47053abe215208c442fcf4941b3d
bind-devel-9.2.4-30.el4_8.4.i386.rpm     4abb0726ea9323a00f7d39b7418aa6e9
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-utils-9.2.4-30.el4_8.4.i386.rpm     1bd380c56a9614b298df4e4688c944bc
 
IA-64:
bind-9.2.4-30.el4_8.4.ia64.rpm     65281042ebfaba35e266a2cf63d39703
bind-chroot-9.2.4-30.el4_8.4.ia64.rpm     832bbd0c17c9ea7c0bd954a70e9bf802
bind-devel-9.2.4-30.el4_8.4.ia64.rpm     0f601da8a799c155789bad68d11d71cb
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-libs-9.2.4-30.el4_8.4.ia64.rpm     7f1fd16e04ba31b72d85af7ead0f6d5a
bind-utils-9.2.4-30.el4_8.4.ia64.rpm     cc5b04a291b5f3e5a0c19b900182dc94
 
PPC:
bind-9.2.4-30.el4_8.4.ppc.rpm     17b64bbf404e94ffd0bfce1901f94fc7
bind-chroot-9.2.4-30.el4_8.4.ppc.rpm     ef14a2363a48bb5f654569c02dcb98bd
bind-devel-9.2.4-30.el4_8.4.ppc.rpm     de93bd433bb240f145544b40cb0ac35f
bind-libs-9.2.4-30.el4_8.4.ppc.rpm     a61022da37c1a81a427dd9d2f3b15615
bind-libs-9.2.4-30.el4_8.4.ppc64.rpm     5d8dfcba3828f99541933a27c9544321
bind-utils-9.2.4-30.el4_8.4.ppc.rpm     4d200328dda202e6c13425d9b2b42925
 
s390:
bind-9.2.4-30.el4_8.4.s390.rpm     3a501155cf7b3114c5cbca1d4f3662c6
bind-chroot-9.2.4-30.el4_8.4.s390.rpm     f4328aeba4527abfec0ce6ec9ffac30d
bind-devel-9.2.4-30.el4_8.4.s390.rpm     5dbd0299f39ad8b884e3cb77127a07b9
bind-libs-9.2.4-30.el4_8.4.s390.rpm     907c9c342fbc75e79eaf234eb760c16c
bind-utils-9.2.4-30.el4_8.4.s390.rpm     e4a90c5e655263300a6df89c310a99ba
 
s390x:
bind-9.2.4-30.el4_8.4.s390x.rpm     4ca4f67033ed884c36d2d7ee11781913
bind-chroot-9.2.4-30.el4_8.4.s390x.rpm     be5fc528c684562b13bb421fe11c3dbe
bind-devel-9.2.4-30.el4_8.4.s390x.rpm     dbb807f6356e1ffc0a5f45da94870062
bind-libs-9.2.4-30.el4_8.4.s390.rpm     907c9c342fbc75e79eaf234eb760c16c
bind-libs-9.2.4-30.el4_8.4.s390x.rpm     8e043817956b44a2902779c344dc5229
bind-utils-9.2.4-30.el4_8.4.s390x.rpm     ebc940b97da6936298781fa40731d359
 
x86_64:
bind-9.2.4-30.el4_8.4.x86_64.rpm     9b793a972808642ff1956341b25dd49e
bind-chroot-9.2.4-30.el4_8.4.x86_64.rpm     1e7cd659960cd593599a9b6a9b1ea251
bind-devel-9.2.4-30.el4_8.4.x86_64.rpm     f58372fcd24ceb6d8986db96a4067f1b
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-libs-9.2.4-30.el4_8.4.x86_64.rpm     6d6ccbaeff87b33db3f2bc0c913b7d5a
bind-utils-9.2.4-30.el4_8.4.x86_64.rpm     e01d4de3e8393758af9b6f41149eae0b
 
Red Hat Enterprise Linux AS (v. 4.8.z)
SRPMS:
bind-9.2.4-30.el4_8.4.src.rpm     fcc2e4c4bdb76884834bf16aa2c56f4a
 
IA-32:
bind-9.2.4-30.el4_8.4.i386.rpm     76e2e88985dc33bd6d2b3ad2eaf62d5d
bind-chroot-9.2.4-30.el4_8.4.i386.rpm     c08c47053abe215208c442fcf4941b3d
bind-devel-9.2.4-30.el4_8.4.i386.rpm     4abb0726ea9323a00f7d39b7418aa6e9
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-utils-9.2.4-30.el4_8.4.i386.rpm     1bd380c56a9614b298df4e4688c944bc
 
IA-64:
bind-9.2.4-30.el4_8.4.ia64.rpm     65281042ebfaba35e266a2cf63d39703
bind-chroot-9.2.4-30.el4_8.4.ia64.rpm     832bbd0c17c9ea7c0bd954a70e9bf802
bind-devel-9.2.4-30.el4_8.4.ia64.rpm     0f601da8a799c155789bad68d11d71cb
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-libs-9.2.4-30.el4_8.4.ia64.rpm     7f1fd16e04ba31b72d85af7ead0f6d5a
bind-utils-9.2.4-30.el4_8.4.ia64.rpm     cc5b04a291b5f3e5a0c19b900182dc94
 
PPC:
bind-9.2.4-30.el4_8.4.ppc.rpm     17b64bbf404e94ffd0bfce1901f94fc7
bind-chroot-9.2.4-30.el4_8.4.ppc.rpm     ef14a2363a48bb5f654569c02dcb98bd
bind-devel-9.2.4-30.el4_8.4.ppc.rpm     de93bd433bb240f145544b40cb0ac35f
bind-libs-9.2.4-30.el4_8.4.ppc.rpm     a61022da37c1a81a427dd9d2f3b15615
bind-libs-9.2.4-30.el4_8.4.ppc64.rpm     5d8dfcba3828f99541933a27c9544321
bind-utils-9.2.4-30.el4_8.4.ppc.rpm     4d200328dda202e6c13425d9b2b42925
 
s390:
bind-9.2.4-30.el4_8.4.s390.rpm     3a501155cf7b3114c5cbca1d4f3662c6
bind-chroot-9.2.4-30.el4_8.4.s390.rpm     f4328aeba4527abfec0ce6ec9ffac30d
bind-devel-9.2.4-30.el4_8.4.s390.rpm     5dbd0299f39ad8b884e3cb77127a07b9
bind-libs-9.2.4-30.el4_8.4.s390.rpm     907c9c342fbc75e79eaf234eb760c16c
bind-utils-9.2.4-30.el4_8.4.s390.rpm     e4a90c5e655263300a6df89c310a99ba
 
s390x:
bind-9.2.4-30.el4_8.4.s390x.rpm     4ca4f67033ed884c36d2d7ee11781913
bind-chroot-9.2.4-30.el4_8.4.s390x.rpm     be5fc528c684562b13bb421fe11c3dbe
bind-devel-9.2.4-30.el4_8.4.s390x.rpm     dbb807f6356e1ffc0a5f45da94870062
bind-libs-9.2.4-30.el4_8.4.s390.rpm     907c9c342fbc75e79eaf234eb760c16c
bind-libs-9.2.4-30.el4_8.4.s390x.rpm     8e043817956b44a2902779c344dc5229
bind-utils-9.2.4-30.el4_8.4.s390x.rpm     ebc940b97da6936298781fa40731d359
 
x86_64:
bind-9.2.4-30.el4_8.4.x86_64.rpm     9b793a972808642ff1956341b25dd49e
bind-chroot-9.2.4-30.el4_8.4.x86_64.rpm     1e7cd659960cd593599a9b6a9b1ea251
bind-devel-9.2.4-30.el4_8.4.x86_64.rpm     f58372fcd24ceb6d8986db96a4067f1b
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-libs-9.2.4-30.el4_8.4.x86_64.rpm     6d6ccbaeff87b33db3f2bc0c913b7d5a
bind-utils-9.2.4-30.el4_8.4.x86_64.rpm     e01d4de3e8393758af9b6f41149eae0b
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
bind-9.2.4-30.el4_8.4.src.rpm     fcc2e4c4bdb76884834bf16aa2c56f4a
 
IA-32:
bind-9.2.4-30.el4_8.4.i386.rpm     76e2e88985dc33bd6d2b3ad2eaf62d5d
bind-chroot-9.2.4-30.el4_8.4.i386.rpm     c08c47053abe215208c442fcf4941b3d
bind-devel-9.2.4-30.el4_8.4.i386.rpm     4abb0726ea9323a00f7d39b7418aa6e9
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-utils-9.2.4-30.el4_8.4.i386.rpm     1bd380c56a9614b298df4e4688c944bc
 
IA-64:
bind-9.2.4-30.el4_8.4.ia64.rpm     65281042ebfaba35e266a2cf63d39703
bind-chroot-9.2.4-30.el4_8.4.ia64.rpm     832bbd0c17c9ea7c0bd954a70e9bf802
bind-devel-9.2.4-30.el4_8.4.ia64.rpm     0f601da8a799c155789bad68d11d71cb
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-libs-9.2.4-30.el4_8.4.ia64.rpm     7f1fd16e04ba31b72d85af7ead0f6d5a
bind-utils-9.2.4-30.el4_8.4.ia64.rpm     cc5b04a291b5f3e5a0c19b900182dc94
 
x86_64:
bind-9.2.4-30.el4_8.4.x86_64.rpm     9b793a972808642ff1956341b25dd49e
bind-chroot-9.2.4-30.el4_8.4.x86_64.rpm     1e7cd659960cd593599a9b6a9b1ea251
bind-devel-9.2.4-30.el4_8.4.x86_64.rpm     f58372fcd24ceb6d8986db96a4067f1b
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-libs-9.2.4-30.el4_8.4.x86_64.rpm     6d6ccbaeff87b33db3f2bc0c913b7d5a
bind-utils-9.2.4-30.el4_8.4.x86_64.rpm     e01d4de3e8393758af9b6f41149eae0b
 
Red Hat Enterprise Linux ES (v. 4.8.z)
SRPMS:
bind-9.2.4-30.el4_8.4.src.rpm     fcc2e4c4bdb76884834bf16aa2c56f4a
 
IA-32:
bind-9.2.4-30.el4_8.4.i386.rpm     76e2e88985dc33bd6d2b3ad2eaf62d5d
bind-chroot-9.2.4-30.el4_8.4.i386.rpm     c08c47053abe215208c442fcf4941b3d
bind-devel-9.2.4-30.el4_8.4.i386.rpm     4abb0726ea9323a00f7d39b7418aa6e9
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-utils-9.2.4-30.el4_8.4.i386.rpm     1bd380c56a9614b298df4e4688c944bc
 
IA-64:
bind-9.2.4-30.el4_8.4.ia64.rpm     65281042ebfaba35e266a2cf63d39703
bind-chroot-9.2.4-30.el4_8.4.ia64.rpm     832bbd0c17c9ea7c0bd954a70e9bf802
bind-devel-9.2.4-30.el4_8.4.ia64.rpm     0f601da8a799c155789bad68d11d71cb
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-libs-9.2.4-30.el4_8.4.ia64.rpm     7f1fd16e04ba31b72d85af7ead0f6d5a
bind-utils-9.2.4-30.el4_8.4.ia64.rpm     cc5b04a291b5f3e5a0c19b900182dc94
 
x86_64:
bind-9.2.4-30.el4_8.4.x86_64.rpm     9b793a972808642ff1956341b25dd49e
bind-chroot-9.2.4-30.el4_8.4.x86_64.rpm     1e7cd659960cd593599a9b6a9b1ea251
bind-devel-9.2.4-30.el4_8.4.x86_64.rpm     f58372fcd24ceb6d8986db96a4067f1b
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-libs-9.2.4-30.el4_8.4.x86_64.rpm     6d6ccbaeff87b33db3f2bc0c913b7d5a
bind-utils-9.2.4-30.el4_8.4.x86_64.rpm     e01d4de3e8393758af9b6f41149eae0b
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
bind-9.2.4-30.el4_8.4.src.rpm     fcc2e4c4bdb76884834bf16aa2c56f4a
 
IA-32:
bind-9.2.4-30.el4_8.4.i386.rpm     76e2e88985dc33bd6d2b3ad2eaf62d5d
bind-chroot-9.2.4-30.el4_8.4.i386.rpm     c08c47053abe215208c442fcf4941b3d
bind-devel-9.2.4-30.el4_8.4.i386.rpm     4abb0726ea9323a00f7d39b7418aa6e9
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-utils-9.2.4-30.el4_8.4.i386.rpm     1bd380c56a9614b298df4e4688c944bc
 
IA-64:
bind-9.2.4-30.el4_8.4.ia64.rpm     65281042ebfaba35e266a2cf63d39703
bind-chroot-9.2.4-30.el4_8.4.ia64.rpm     832bbd0c17c9ea7c0bd954a70e9bf802
bind-devel-9.2.4-30.el4_8.4.ia64.rpm     0f601da8a799c155789bad68d11d71cb
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-libs-9.2.4-30.el4_8.4.ia64.rpm     7f1fd16e04ba31b72d85af7ead0f6d5a
bind-utils-9.2.4-30.el4_8.4.ia64.rpm     cc5b04a291b5f3e5a0c19b900182dc94
 
x86_64:
bind-9.2.4-30.el4_8.4.x86_64.rpm     9b793a972808642ff1956341b25dd49e
bind-chroot-9.2.4-30.el4_8.4.x86_64.rpm     1e7cd659960cd593599a9b6a9b1ea251
bind-devel-9.2.4-30.el4_8.4.x86_64.rpm     f58372fcd24ceb6d8986db96a4067f1b
bind-libs-9.2.4-30.el4_8.4.i386.rpm     91048be78e375f798310842787e48532
bind-libs-9.2.4-30.el4_8.4.x86_64.rpm     6d6ccbaeff87b33db3f2bc0c913b7d5a
bind-utils-9.2.4-30.el4_8.4.x86_64.rpm     e01d4de3e8393758af9b6f41149eae0b
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

512668 - bind gets hung with 4000 accesses / sec
514292 - CVE-2009-0696 bind: DoS (assertion failure) via nsupdate packets


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
http://www.redhat.com/security/updates/classification/#important
https://www.isc.org/node/474

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/