Red Hat Customer Portal

Security Advisory Important: bind security update

Advisory: RHSA-2016:0079-1
Type: Security Advisory
Severity: Important
Issued on: 2016-01-28
Last updated on: 2016-01-28
Affected Products: Red Hat Enterprise Linux Server EUS (v. 6.6.z)
CVEs (cve.mitre.org): CVE-2015-5477, CVE-2015-5722, CVE-2015-8000

Details

Updated bind packages that fix three security issues are now available for
Red Hat Enterprise Linux 6.6 Extended Update Support.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled requests for TKEY DNS resource
records. A remote attacker could use this flaw to make named (functioning
as an authoritative DNS server or a DNS resolver) exit unexpectedly with an
assertion failure via a specially crafted DNS request packet.
(CVE-2015-5477)

A denial of service flaw was found in the way BIND parsed certain malformed
DNSSEC keys. A remote attacker could use this flaw to send a specially
crafted DNS query (for example, a query requiring a response from a zone
containing a deliberately malformed key) that would cause named functioning
as a validating resolver to crash. (CVE-2015-5722)

A denial of service flaw was found in the way BIND processed certain
records with malformed class attributes. A remote attacker could use this
flaw to send a query to request a cached record with a malformed class
attribute that would cause named functioning as an authoritative or
recursive server to crash. (CVE-2015-8000)

Note: This issue affects authoritative servers as well as recursive
servers; however, authoritative servers are at limited risk if they perform
authentication when making recursive queries to resolve addresses for
servers listed in NS RRSETs.

Red Hat would like to thank ISC for reporting the CVE-2015-5477,
CVE-2015-5722, and CVE-2015-8000 issues. Upstream acknowledges Jonathan
Foote as the original reporter of CVE-2015-5477, and Hanno Böck as the
original reporter of CVE-2015-5722.

All bind users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258
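
An added example, not part of Red Hat's advisory: a Python check that flags hosts whose installed bind build is older than the fixed build 9.8.2-0.30.rc1.el6_6.4 listed under Updated packages. The host names and installed builds are constructed; the comparison assumes the package epoch is unchanged and does not handle rpm's tilde/caret ordering.

```python
import re

# Fixed build from this advisory's package list (version-release, no epoch).
FIXED_VR = "9.8.2-0.30.rc1.el6_6.4"

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; returns -1, 0 or 1.

    Follows rpm's segment rules: runs of digits and runs of letters are
    compared pairwise, separators are ignored, a numeric segment is newer
    than an alphabetic one, and leftover segments make a string newer.
    """
    ta = re.findall(r"\d+|[A-Za-z]+", a)
    tb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))

def vr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(installed_vr, fixed_vr=FIXED_VR):
    """True when the installed build sorts before the fixed build."""
    return vr_cmp(installed_vr, fixed_vr) < 0

# Constructed inventory: host -> `rpm -q --qf '%{VERSION}-%{RELEASE}\n' bind`
INVENTORY = {
    "ns1.example.test": "9.8.2-0.30.rc1.el6_6.3",  # constructed older build
    "ns2.example.test": "9.8.2-0.30.rc1.el6_6.4",  # fixed build
    "ns3.example.test": "9.8.2-0.30.rc1.el6",      # constructed older build
    "ns4.example.test": "9.8.2-0.37.rc1.el6_7.7",  # constructed later build
}

def unpatched_hosts(inventory):
    return sorted(h for h, vr in inventory.items() if needs_update(vr))

if __name__ == "__main__":
    for host in unpatched_hosts(INVENTORY):
        print(f"{host}: bind {INVENTORY[host]} is older than {FIXED_VR}")
```
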

Updated packages

Red Hat Enterprise Linux Server EUS (v. 6.6.z)

File outdated by: RHSA-2016:0562 (applies to every file listed below)

SRPMS:
bind-9.8.2-0.30.rc1.el6_6.4.src.rpm

IA-32:
bind-9.8.2-0.30.rc1.el6_6.4.i686.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.4.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.i686.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.4.i686.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.4.i686.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.4.i686.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.4.i686.rpm

PPC:
bind-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.ppc.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.4.ppc.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.4.ppc.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm

s390x:
bind-9.8.2-0.30.rc1.el6_6.4.s390x.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.4.s390x.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.s390.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.s390x.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.4.s390.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.4.s390x.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.4.s390.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.4.s390x.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.4.s390x.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.4.s390x.rpm

x86_64:
bind-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.4.i686.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.4.i686.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1247361 - CVE-2015-5477 bind: TKEY query handling flaw leading to denial of service
1259087 - CVE-2015-5722 bind: malformed DNSSEC key failed assertion denial of service
1291176 - CVE-2015-8000 bind: responses with a malformed class attribute can trigger an assertion failure in db.c


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/