Skip to navigation

Security Advisory Important: bind security and bug fix update

Advisory: RHSA-2009:1181-1
Type: Security Advisory
Severity: Important
Issued on: 2009-07-29
Last updated on: 2009-07-29
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2009-0696

Details

Updated bind packages that fix a security issue and a bug are now available
for Red Hat Enterprise Linux 3.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handles dynamic update message packets
containing the "ANY" record type. A remote attacker could use this flaw to
send a specially-crafted dynamic update packet that could cause named to
exit with an assertion failure. (CVE-2009-0696)

Note: even if named is not configured for dynamic updates, receiving such
a specially-crafted dynamic update packet could still cause named to exit
unexpectedly.

This update also fixes the following bug:

* the following message could have been logged: "internal_accept: fcntl()
failed: Too many open files". With these updated packages, timeout queries
are aborted in order to reduce the number of open UDP sockets, and when the
accept() function returns an EMFILE error value, that situation is now
handled gracefully, thus resolving the issue. (BZ#498164)

All BIND users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/SRPMS/bind-9.2.4-25.el3.src.rpm
Missing file		     MD5: 81ca662773d33855bcc3ba4fa051e1dd
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/i386/bind-9.2.4-25.el3.i386.rpm
Missing file		     MD5: cf5f1df51b2943ae92d5329f0212f5bd
ftp://updates.redhat.com/rhn/public/NULL/bind-chroot/9.2.4-25.el3/i386/bind-chroot-9.2.4-25.el3.i386.rpm
Missing file		     MD5: aec9cb186214cf3a2b06f58b367136bf
ftp://updates.redhat.com/rhn/public/NULL/bind-devel/9.2.4-25.el3/i386/bind-devel-9.2.4-25.el3.i386.rpm
Missing file		     MD5: c73bf4f968b45b149d95e91ac079b35b
ftp://updates.redhat.com/rhn/public/NULL/bind-libs/9.2.4-25.el3/i386/bind-libs-9.2.4-25.el3.i386.rpm
Missing file		     MD5: bc019c30ebb67e1b122e3c6081f39137
ftp://updates.redhat.com/rhn/public/NULL/bind-utils/9.2.4-25.el3/i386/bind-utils-9.2.4-25.el3.i386.rpm
Missing file		     MD5: c2f2e2e098aa7c5f77861868eb47abc8
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/x86_64/bind-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: 398115eccdfdf7afe6773f1274109411
ftp://updates.redhat.com/rhn/public/NULL/bind-chroot/9.2.4-25.el3/x86_64/bind-chroot-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: 61ca79aec5509a32ec62dcb2e9bddb45
ftp://updates.redhat.com/rhn/public/NULL/bind-devel/9.2.4-25.el3/x86_64/bind-devel-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: f947f812b3301e3061bf08b6490940d3
ftp://updates.redhat.com/rhn/public/NULL/bind-libs/9.2.4-25.el3/x86_64/bind-libs-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: 125c397628e48616ab92cc3f604bd47c
ftp://updates.redhat.com/rhn/public/NULL/bind-utils/9.2.4-25.el3/x86_64/bind-utils-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: a25c95ab4d4d3ea5fad85dac89749487
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/SRPMS/bind-9.2.4-25.el3.src.rpm
Missing file		     MD5: 81ca662773d33855bcc3ba4fa051e1dd
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/i386/bind-9.2.4-25.el3.i386.rpm
Missing file		     MD5: cf5f1df51b2943ae92d5329f0212f5bd
ftp://updates.redhat.com/rhn/public/NULL/bind-chroot/9.2.4-25.el3/i386/bind-chroot-9.2.4-25.el3.i386.rpm
Missing file		     MD5: aec9cb186214cf3a2b06f58b367136bf
ftp://updates.redhat.com/rhn/public/NULL/bind-devel/9.2.4-25.el3/i386/bind-devel-9.2.4-25.el3.i386.rpm
Missing file		     MD5: c73bf4f968b45b149d95e91ac079b35b
ftp://updates.redhat.com/rhn/public/NULL/bind-libs/9.2.4-25.el3/i386/bind-libs-9.2.4-25.el3.i386.rpm
Missing file		     MD5: bc019c30ebb67e1b122e3c6081f39137
ftp://updates.redhat.com/rhn/public/NULL/bind-utils/9.2.4-25.el3/i386/bind-utils-9.2.4-25.el3.i386.rpm
Missing file		     MD5: c2f2e2e098aa7c5f77861868eb47abc8
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/ia64/bind-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: 1627ea40db0495188eb9fadb5f4a4188
ftp://updates.redhat.com/rhn/public/NULL/bind-chroot/9.2.4-25.el3/ia64/bind-chroot-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: 83cb1afe03c2332a624df731b96ee06a
ftp://updates.redhat.com/rhn/public/NULL/bind-devel/9.2.4-25.el3/ia64/bind-devel-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: a0f788d4e6698c1c072e758505f63661
ftp://updates.redhat.com/rhn/public/NULL/bind-libs/9.2.4-25.el3/ia64/bind-libs-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: 76db813e6590c00bed215e55876aa17c
ftp://updates.redhat.com/rhn/public/NULL/bind-utils/9.2.4-25.el3/ia64/bind-utils-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: 94f363811709466b4a662444ca562a4e
 
PPC:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/ppc/bind-9.2.4-25.el3.ppc.rpm
Missing file		     MD5: df932de0623aa1d5cd78d91430cda79c
ftp://updates.redhat.com/rhn/public/NULL/bind-chroot/9.2.4-25.el3/ppc/bind-chroot-9.2.4-25.el3.ppc.rpm
Missing file		     MD5: c607e9046e340ca5fee3fa824e70cf13
ftp://updates.redhat.com/rhn/public/NULL/bind-devel/9.2.4-25.el3/ppc/bind-devel-9.2.4-25.el3.ppc.rpm
Missing file		     MD5: 206ec1d923116529c7f69441dce5c0f4
ftp://updates.redhat.com/rhn/public/NULL/bind-libs/9.2.4-25.el3/ppc/bind-libs-9.2.4-25.el3.ppc.rpm
Missing file		     MD5: 279b9598ede299c37ab62c78913036d4
ftp://updates.redhat.com/rhn/public/NULL/bind-utils/9.2.4-25.el3/ppc/bind-utils-9.2.4-25.el3.ppc.rpm
Missing file		     MD5: a438beae4fda3b84c4c015d27cf2d8b6
 
s390:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/s390/bind-9.2.4-25.el3.s390.rpm
Missing file		     MD5: 87b189bda1a3da018757ad5341c0025f
ftp://updates.redhat.com/rhn/public/NULL/bind-chroot/9.2.4-25.el3/s390/bind-chroot-9.2.4-25.el3.s390.rpm
Missing file		     MD5: 2d7f9b6b29a779145667c7869a96990d
ftp://updates.redhat.com/rhn/public/NULL/bind-devel/9.2.4-25.el3/s390/bind-devel-9.2.4-25.el3.s390.rpm
Missing file		     MD5: 0e9bdf884c5fc33c28bd021302f66093
ftp://updates.redhat.com/rhn/public/NULL/bind-libs/9.2.4-25.el3/s390/bind-libs-9.2.4-25.el3.s390.rpm
Missing file		     MD5: 9ed647092a49cc21c49f524e9a63e208
ftp://updates.redhat.com/rhn/public/NULL/bind-utils/9.2.4-25.el3/s390/bind-utils-9.2.4-25.el3.s390.rpm
Missing file		     MD5: 20e764bc332afb1fbb5301cfa6bcdfa6
 
s390x:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/s390x/bind-9.2.4-25.el3.s390x.rpm
Missing file		     MD5: 5aa9a5494a2d03c105f3490b85c8237c
ftp://updates.redhat.com/rhn/public/NULL/bind-chroot/9.2.4-25.el3/s390x/bind-chroot-9.2.4-25.el3.s390x.rpm
Missing file		     MD5: f7229510b6b5641dfc42ba8a502a74f9
ftp://updates.redhat.com/rhn/public/NULL/bind-devel/9.2.4-25.el3/s390x/bind-devel-9.2.4-25.el3.s390x.rpm
Missing file		     MD5: b1024101078e7f3b502b80d02b188909
ftp://updates.redhat.com/rhn/public/NULL/bind-libs/9.2.4-25.el3/s390x/bind-libs-9.2.4-25.el3.s390x.rpm
Missing file		     MD5: fea0fd607866e1c851b441d0e357971a
ftp://updates.redhat.com/rhn/public/NULL/bind-utils/9.2.4-25.el3/s390x/bind-utils-9.2.4-25.el3.s390x.rpm
Missing file		     MD5: ba4afc703cc79b25ab8c2ff0a5adc671
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/x86_64/bind-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: 398115eccdfdf7afe6773f1274109411
ftp://updates.redhat.com/rhn/public/NULL/bind-chroot/9.2.4-25.el3/x86_64/bind-chroot-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: 61ca79aec5509a32ec62dcb2e9bddb45
ftp://updates.redhat.com/rhn/public/NULL/bind-devel/9.2.4-25.el3/x86_64/bind-devel-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: f947f812b3301e3061bf08b6490940d3
ftp://updates.redhat.com/rhn/public/NULL/bind-libs/9.2.4-25.el3/x86_64/bind-libs-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: 125c397628e48616ab92cc3f604bd47c
ftp://updates.redhat.com/rhn/public/NULL/bind-utils/9.2.4-25.el3/x86_64/bind-utils-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: a25c95ab4d4d3ea5fad85dac89749487
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/SRPMS/bind-9.2.4-25.el3.src.rpm
Missing file		     MD5: 81ca662773d33855bcc3ba4fa051e1dd
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/i386/bind-9.2.4-25.el3.i386.rpm
Missing file		     MD5: cf5f1df51b2943ae92d5329f0212f5bd
ftp://updates.redhat.com/rhn/public/NULL/bind-chroot/9.2.4-25.el3/i386/bind-chroot-9.2.4-25.el3.i386.rpm
Missing file		     MD5: aec9cb186214cf3a2b06f58b367136bf
ftp://updates.redhat.com/rhn/public/NULL/bind-devel/9.2.4-25.el3/i386/bind-devel-9.2.4-25.el3.i386.rpm
Missing file		     MD5: c73bf4f968b45b149d95e91ac079b35b
ftp://updates.redhat.com/rhn/public/NULL/bind-libs/9.2.4-25.el3/i386/bind-libs-9.2.4-25.el3.i386.rpm
Missing file		     MD5: bc019c30ebb67e1b122e3c6081f39137
ftp://updates.redhat.com/rhn/public/NULL/bind-utils/9.2.4-25.el3/i386/bind-utils-9.2.4-25.el3.i386.rpm
Missing file		     MD5: c2f2e2e098aa7c5f77861868eb47abc8
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/ia64/bind-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: 1627ea40db0495188eb9fadb5f4a4188
ftp://updates.redhat.com/rhn/public/NULL/bind-chroot/9.2.4-25.el3/ia64/bind-chroot-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: 83cb1afe03c2332a624df731b96ee06a
ftp://updates.redhat.com/rhn/public/NULL/bind-devel/9.2.4-25.el3/ia64/bind-devel-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: a0f788d4e6698c1c072e758505f63661
ftp://updates.redhat.com/rhn/public/NULL/bind-libs/9.2.4-25.el3/ia64/bind-libs-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: 76db813e6590c00bed215e55876aa17c
ftp://updates.redhat.com/rhn/public/NULL/bind-utils/9.2.4-25.el3/ia64/bind-utils-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: 94f363811709466b4a662444ca562a4e
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/x86_64/bind-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: 398115eccdfdf7afe6773f1274109411
ftp://updates.redhat.com/rhn/public/NULL/bind-chroot/9.2.4-25.el3/x86_64/bind-chroot-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: 61ca79aec5509a32ec62dcb2e9bddb45
ftp://updates.redhat.com/rhn/public/NULL/bind-devel/9.2.4-25.el3/x86_64/bind-devel-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: f947f812b3301e3061bf08b6490940d3
ftp://updates.redhat.com/rhn/public/NULL/bind-libs/9.2.4-25.el3/x86_64/bind-libs-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: 125c397628e48616ab92cc3f604bd47c
ftp://updates.redhat.com/rhn/public/NULL/bind-utils/9.2.4-25.el3/x86_64/bind-utils-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: a25c95ab4d4d3ea5fad85dac89749487
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/SRPMS/bind-9.2.4-25.el3.src.rpm
Missing file		     MD5: 81ca662773d33855bcc3ba4fa051e1dd
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/i386/bind-9.2.4-25.el3.i386.rpm
Missing file		     MD5: cf5f1df51b2943ae92d5329f0212f5bd
ftp://updates.redhat.com/rhn/public/NULL/bind-chroot/9.2.4-25.el3/i386/bind-chroot-9.2.4-25.el3.i386.rpm
Missing file		     MD5: aec9cb186214cf3a2b06f58b367136bf
ftp://updates.redhat.com/rhn/public/NULL/bind-devel/9.2.4-25.el3/i386/bind-devel-9.2.4-25.el3.i386.rpm
Missing file		     MD5: c73bf4f968b45b149d95e91ac079b35b
ftp://updates.redhat.com/rhn/public/NULL/bind-libs/9.2.4-25.el3/i386/bind-libs-9.2.4-25.el3.i386.rpm
Missing file		     MD5: bc019c30ebb67e1b122e3c6081f39137
ftp://updates.redhat.com/rhn/public/NULL/bind-utils/9.2.4-25.el3/i386/bind-utils-9.2.4-25.el3.i386.rpm
Missing file		     MD5: c2f2e2e098aa7c5f77861868eb47abc8
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/ia64/bind-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: 1627ea40db0495188eb9fadb5f4a4188
ftp://updates.redhat.com/rhn/public/NULL/bind-chroot/9.2.4-25.el3/ia64/bind-chroot-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: 83cb1afe03c2332a624df731b96ee06a
ftp://updates.redhat.com/rhn/public/NULL/bind-devel/9.2.4-25.el3/ia64/bind-devel-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: a0f788d4e6698c1c072e758505f63661
ftp://updates.redhat.com/rhn/public/NULL/bind-libs/9.2.4-25.el3/ia64/bind-libs-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: 76db813e6590c00bed215e55876aa17c
ftp://updates.redhat.com/rhn/public/NULL/bind-utils/9.2.4-25.el3/ia64/bind-utils-9.2.4-25.el3.ia64.rpm
Missing file		     MD5: 94f363811709466b4a662444ca562a4e
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/bind/9.2.4-25.el3/x86_64/bind-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: 398115eccdfdf7afe6773f1274109411
ftp://updates.redhat.com/rhn/public/NULL/bind-chroot/9.2.4-25.el3/x86_64/bind-chroot-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: 61ca79aec5509a32ec62dcb2e9bddb45
ftp://updates.redhat.com/rhn/public/NULL/bind-devel/9.2.4-25.el3/x86_64/bind-devel-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: f947f812b3301e3061bf08b6490940d3
ftp://updates.redhat.com/rhn/public/NULL/bind-libs/9.2.4-25.el3/x86_64/bind-libs-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: 125c397628e48616ab92cc3f604bd47c
ftp://updates.redhat.com/rhn/public/NULL/bind-utils/9.2.4-25.el3/x86_64/bind-utils-9.2.4-25.el3.x86_64.rpm
Missing file		     MD5: a25c95ab4d4d3ea5fad85dac89749487
 

Bugs fixed (see bugzilla for more information)

498164 - bind-9.2.4-22.el3 and too many open files
514292 - CVE-2009-0696 bind: DoS (assertion failure) via nsupdate packets


References

https://www.redhat.com/security/data/cve/CVE-2009-0696.html
http://www.redhat.com/security/updates/classification/#important
https://www.isc.org/node/474

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/