- Issued:
- 2007-11-15
- Updated:
- 2007-11-15
RHBA-2007:0743 - Bug Fix Advisory
Synopsis
bind bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated bind packages which fix various bugs and add enhancements are
now available.
Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named), which
resolves host names to IP addresses; a resolver library (routines for
applications to use when interfacing with DNS); and tools for verifying
that the DNS server is operating correctly.
These updated packages fix the following issues:
- during a zone transfer, a denial of service (DoS) was possible if an
attacker sent a Transaction Signature (TSIG) request, then sent a second,
malformed TSIG request. However, to be successful the TSIGs had to be
successfully authenticated, which greatly limited exploitation
possibilities.
- bind-chroot creates various files such as /dev/random and /dev/zero so
that bind can successfully run in a chroot jail. However, when uninstalling
bind-chroot, these files are not removed. In these updated packages
uninstalling bind-chroot removes these files.
- the bind init script used to start bind in a chroot jail mounts the /proc
file system. Using the same init script to stop bind resulted in /proc not
being unmounted. At this point, starting bind could result in an error
about /proc already being mounted. In these updated packages /proc is
correctly unmounted.
- the "host" command had a return code of zero (successful) even when a
host wasn't found.
- an update to bind-chroot resulted in a "missing ';' before '}'" error
when using rndc. This was caused by bind-choot not generating rndc.key
correctly. The rndc.key file is correctly generated with these updated
packages.
- in previous packages /var/named/proc/chroot wasn't hidden. This resulted
in the df command returning "`/var/named/chroot/proc': Permission denied".
In these updated packages /var/named/proc/chroot is hidden.
This update also adds the following enhancements:
- the bind init script now has a "configtest" parameter which calls
named-checkconf. This serves to make managing services easier without
having to remember the name of each service's configuration-checking tool.
- Extended Domain Name System (EDNS) was enabled globally by default. This
caused EDNS packets to be sent to root nameservers which usually responded
with "format error". CheckPoint Firewall 1 would log these packets and
eventually crash. Other commercial firewalls may be affected. You can now
disable EDNS globally by specifying "edns no" in the bind configuration
file, named.conf.
Users are advised to upgrade to these updated packages, which resolve these
issues and add these enhancements.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 157601 - A 'configtest' parameter for the named service (attached).
- BZ - 192192 - BIND TSIG DoS
- BZ - 202441 - chroot'd named causes df permission denied error
- BZ - 205266 - bind-chroot doesn't clean up its mess on %preun
- BZ - 211282 - EDNS is globally enabled, crashing CheckPoint FW-1
- BZ - 219473 - "host" command from bind-utils package returns zero whether the host resolves or not.
- BZ - 227798 - update of bind-chroot breaks rndc.key and named won't start
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 4
SRPM | |
---|---|
bind-9.2.4-28.el4.src.rpm | SHA-256: 075b4dd21e377a9fddb7bff40575cc296aa46c7c03038783acff7a974a687f22 |
x86_64 | |
bind-9.2.4-28.el4.x86_64.rpm | SHA-256: 388429c0fa7147420520a01f727be5e137b2dae2ed21b699fda66a655688a928 |
bind-9.2.4-28.el4.x86_64.rpm | SHA-256: 388429c0fa7147420520a01f727be5e137b2dae2ed21b699fda66a655688a928 |
bind-chroot-9.2.4-28.el4.x86_64.rpm | SHA-256: 0302f3bba8e768b73f2d8afa60485b11d24067a3ff867322fc87ac24c65a1cab |
bind-chroot-9.2.4-28.el4.x86_64.rpm | SHA-256: 0302f3bba8e768b73f2d8afa60485b11d24067a3ff867322fc87ac24c65a1cab |
bind-devel-9.2.4-28.el4.x86_64.rpm | SHA-256: ca919982a8cb1e06d1aadfa084bcd1a3bf9bcdbc0f9211d507fedf0c70634b30 |
bind-devel-9.2.4-28.el4.x86_64.rpm | SHA-256: ca919982a8cb1e06d1aadfa084bcd1a3bf9bcdbc0f9211d507fedf0c70634b30 |
bind-libs-9.2.4-28.el4.i386.rpm | SHA-256: f3c33e10d50f1e2741edb0db14f2a8c39b7551b168958cf39e42377e22d769bc |
bind-libs-9.2.4-28.el4.i386.rpm | SHA-256: f3c33e10d50f1e2741edb0db14f2a8c39b7551b168958cf39e42377e22d769bc |
bind-libs-9.2.4-28.el4.x86_64.rpm | SHA-256: 46feaa27eaf26c50d7d575b4402da163bff2abf552fb379302297cb296b12557 |
bind-libs-9.2.4-28.el4.x86_64.rpm | SHA-256: 46feaa27eaf26c50d7d575b4402da163bff2abf552fb379302297cb296b12557 |
bind-utils-9.2.4-28.el4.x86_64.rpm | SHA-256: 70e411677cc30a76f31c746880179cdb96a2c39d5f5ddbcda0b52f1d6536eb34 |
bind-utils-9.2.4-28.el4.x86_64.rpm | SHA-256: 70e411677cc30a76f31c746880179cdb96a2c39d5f5ddbcda0b52f1d6536eb34 |
ia64 | |
bind-9.2.4-28.el4.ia64.rpm | SHA-256: 8aa3a98bd20e09364383c137f75863de540c1806ebb2e6cc3fb14fb1ae8dc3e1 |
bind-9.2.4-28.el4.ia64.rpm | SHA-256: 8aa3a98bd20e09364383c137f75863de540c1806ebb2e6cc3fb14fb1ae8dc3e1 |
bind-chroot-9.2.4-28.el4.ia64.rpm | SHA-256: 4de95dc5e08f6cc283234fe4953b98eb339b1a4fcd1189f2e2f13220d346dde2 |
bind-chroot-9.2.4-28.el4.ia64.rpm | SHA-256: 4de95dc5e08f6cc283234fe4953b98eb339b1a4fcd1189f2e2f13220d346dde2 |
bind-devel-9.2.4-28.el4.ia64.rpm | SHA-256: 486e3036e42520d15f4e97616be5a997b6be4120559d4dfdc6b7849a756cd81f |
bind-devel-9.2.4-28.el4.ia64.rpm | SHA-256: 486e3036e42520d15f4e97616be5a997b6be4120559d4dfdc6b7849a756cd81f |
bind-libs-9.2.4-28.el4.i386.rpm | SHA-256: f3c33e10d50f1e2741edb0db14f2a8c39b7551b168958cf39e42377e22d769bc |
bind-libs-9.2.4-28.el4.i386.rpm | SHA-256: f3c33e10d50f1e2741edb0db14f2a8c39b7551b168958cf39e42377e22d769bc |
bind-libs-9.2.4-28.el4.ia64.rpm | SHA-256: ebe31428a89d29ef74f03a6cf68401d3ae0cf67460b208dbeaad242b18890c32 |
bind-libs-9.2.4-28.el4.ia64.rpm | SHA-256: ebe31428a89d29ef74f03a6cf68401d3ae0cf67460b208dbeaad242b18890c32 |
bind-utils-9.2.4-28.el4.ia64.rpm | SHA-256: 03bd1f133156679fe42372859188c3c6429f6586bfa13b9af3a2f38cce9b3a9a |
bind-utils-9.2.4-28.el4.ia64.rpm | SHA-256: 03bd1f133156679fe42372859188c3c6429f6586bfa13b9af3a2f38cce9b3a9a |
i386 | |
bind-9.2.4-28.el4.i386.rpm | SHA-256: 76efaa00ee3a5f175316de1560ab28c2824180437c34ab68c7cb5f7e8f10fec7 |
bind-9.2.4-28.el4.i386.rpm | SHA-256: 76efaa00ee3a5f175316de1560ab28c2824180437c34ab68c7cb5f7e8f10fec7 |
bind-chroot-9.2.4-28.el4.i386.rpm | SHA-256: 4e3f13772a257af97b6a627792d7e2c4f6c76f7b2f5791c87ce839f6245441ce |
bind-chroot-9.2.4-28.el4.i386.rpm | SHA-256: 4e3f13772a257af97b6a627792d7e2c4f6c76f7b2f5791c87ce839f6245441ce |
bind-devel-9.2.4-28.el4.i386.rpm | SHA-256: 4dffa0fa3d8608f2f3aa79b335547928a89f035a6b59aaf00cc72aac9d7a467d |
bind-devel-9.2.4-28.el4.i386.rpm | SHA-256: 4dffa0fa3d8608f2f3aa79b335547928a89f035a6b59aaf00cc72aac9d7a467d |
bind-libs-9.2.4-28.el4.i386.rpm | SHA-256: f3c33e10d50f1e2741edb0db14f2a8c39b7551b168958cf39e42377e22d769bc |
bind-libs-9.2.4-28.el4.i386.rpm | SHA-256: f3c33e10d50f1e2741edb0db14f2a8c39b7551b168958cf39e42377e22d769bc |
bind-utils-9.2.4-28.el4.i386.rpm | SHA-256: ec75ec30385ce7b5146f26399b3fca516442322788fa73c5f2ff54510bf8322c |
bind-utils-9.2.4-28.el4.i386.rpm | SHA-256: ec75ec30385ce7b5146f26399b3fca516442322788fa73c5f2ff54510bf8322c |
Red Hat Enterprise Linux Workstation 4
SRPM | |
---|---|
bind-9.2.4-28.el4.src.rpm | SHA-256: 075b4dd21e377a9fddb7bff40575cc296aa46c7c03038783acff7a974a687f22 |
x86_64 | |
bind-9.2.4-28.el4.x86_64.rpm | SHA-256: 388429c0fa7147420520a01f727be5e137b2dae2ed21b699fda66a655688a928 |
bind-chroot-9.2.4-28.el4.x86_64.rpm | SHA-256: 0302f3bba8e768b73f2d8afa60485b11d24067a3ff867322fc87ac24c65a1cab |
bind-devel-9.2.4-28.el4.x86_64.rpm | SHA-256: ca919982a8cb1e06d1aadfa084bcd1a3bf9bcdbc0f9211d507fedf0c70634b30 |
bind-libs-9.2.4-28.el4.i386.rpm | SHA-256: f3c33e10d50f1e2741edb0db14f2a8c39b7551b168958cf39e42377e22d769bc |
bind-libs-9.2.4-28.el4.x86_64.rpm | SHA-256: 46feaa27eaf26c50d7d575b4402da163bff2abf552fb379302297cb296b12557 |
bind-utils-9.2.4-28.el4.x86_64.rpm | SHA-256: 70e411677cc30a76f31c746880179cdb96a2c39d5f5ddbcda0b52f1d6536eb34 |
ia64 | |
bind-9.2.4-28.el4.ia64.rpm | SHA-256: 8aa3a98bd20e09364383c137f75863de540c1806ebb2e6cc3fb14fb1ae8dc3e1 |
bind-chroot-9.2.4-28.el4.ia64.rpm | SHA-256: 4de95dc5e08f6cc283234fe4953b98eb339b1a4fcd1189f2e2f13220d346dde2 |
bind-devel-9.2.4-28.el4.ia64.rpm | SHA-256: 486e3036e42520d15f4e97616be5a997b6be4120559d4dfdc6b7849a756cd81f |
bind-libs-9.2.4-28.el4.i386.rpm | SHA-256: f3c33e10d50f1e2741edb0db14f2a8c39b7551b168958cf39e42377e22d769bc |
bind-libs-9.2.4-28.el4.ia64.rpm | SHA-256: ebe31428a89d29ef74f03a6cf68401d3ae0cf67460b208dbeaad242b18890c32 |
bind-utils-9.2.4-28.el4.ia64.rpm | SHA-256: 03bd1f133156679fe42372859188c3c6429f6586bfa13b9af3a2f38cce9b3a9a |
i386 | |
bind-9.2.4-28.el4.i386.rpm | SHA-256: 76efaa00ee3a5f175316de1560ab28c2824180437c34ab68c7cb5f7e8f10fec7 |
bind-chroot-9.2.4-28.el4.i386.rpm | SHA-256: 4e3f13772a257af97b6a627792d7e2c4f6c76f7b2f5791c87ce839f6245441ce |
bind-devel-9.2.4-28.el4.i386.rpm | SHA-256: 4dffa0fa3d8608f2f3aa79b335547928a89f035a6b59aaf00cc72aac9d7a467d |
bind-libs-9.2.4-28.el4.i386.rpm | SHA-256: f3c33e10d50f1e2741edb0db14f2a8c39b7551b168958cf39e42377e22d769bc |
bind-utils-9.2.4-28.el4.i386.rpm | SHA-256: ec75ec30385ce7b5146f26399b3fca516442322788fa73c5f2ff54510bf8322c |
Red Hat Enterprise Linux Desktop 4
SRPM | |
---|---|
bind-9.2.4-28.el4.src.rpm | SHA-256: 075b4dd21e377a9fddb7bff40575cc296aa46c7c03038783acff7a974a687f22 |
x86_64 | |
bind-9.2.4-28.el4.x86_64.rpm | SHA-256: 388429c0fa7147420520a01f727be5e137b2dae2ed21b699fda66a655688a928 |
bind-chroot-9.2.4-28.el4.x86_64.rpm | SHA-256: 0302f3bba8e768b73f2d8afa60485b11d24067a3ff867322fc87ac24c65a1cab |
bind-devel-9.2.4-28.el4.x86_64.rpm | SHA-256: ca919982a8cb1e06d1aadfa084bcd1a3bf9bcdbc0f9211d507fedf0c70634b30 |
bind-libs-9.2.4-28.el4.i386.rpm | SHA-256: f3c33e10d50f1e2741edb0db14f2a8c39b7551b168958cf39e42377e22d769bc |
bind-libs-9.2.4-28.el4.x86_64.rpm | SHA-256: 46feaa27eaf26c50d7d575b4402da163bff2abf552fb379302297cb296b12557 |
bind-utils-9.2.4-28.el4.x86_64.rpm | SHA-256: 70e411677cc30a76f31c746880179cdb96a2c39d5f5ddbcda0b52f1d6536eb34 |
i386 | |
bind-9.2.4-28.el4.i386.rpm | SHA-256: 76efaa00ee3a5f175316de1560ab28c2824180437c34ab68c7cb5f7e8f10fec7 |
bind-chroot-9.2.4-28.el4.i386.rpm | SHA-256: 4e3f13772a257af97b6a627792d7e2c4f6c76f7b2f5791c87ce839f6245441ce |
bind-devel-9.2.4-28.el4.i386.rpm | SHA-256: 4dffa0fa3d8608f2f3aa79b335547928a89f035a6b59aaf00cc72aac9d7a467d |
bind-libs-9.2.4-28.el4.i386.rpm | SHA-256: f3c33e10d50f1e2741edb0db14f2a8c39b7551b168958cf39e42377e22d769bc |
bind-utils-9.2.4-28.el4.i386.rpm | SHA-256: ec75ec30385ce7b5146f26399b3fca516442322788fa73c5f2ff54510bf8322c |
Red Hat Enterprise Linux for IBM z Systems 4
SRPM | |
---|---|
bind-9.2.4-28.el4.src.rpm | SHA-256: 075b4dd21e377a9fddb7bff40575cc296aa46c7c03038783acff7a974a687f22 |
s390x | |
bind-9.2.4-28.el4.s390x.rpm | SHA-256: 5c08bed0031ae617badcbc0453bf6563b07757c6bde72b15af41bcd5e17cd8c3 |
bind-chroot-9.2.4-28.el4.s390x.rpm | SHA-256: 89ea39455f75fa943545f283934faf6ba73931969c34c6ec2e24726fef2ed737 |
bind-devel-9.2.4-28.el4.s390x.rpm | SHA-256: 7dc399a5afc89a96d28677860653347690aafc3dc49b59fba9cb57ee09412607 |
bind-libs-9.2.4-28.el4.s390.rpm | SHA-256: 4cd17636a57940ff032a48070f91f9a5fdbc83496111d2aa9ae56c7b712f9815 |
bind-libs-9.2.4-28.el4.s390x.rpm | SHA-256: a5d2e2539f650487b03756a58ed581a381da7076f80ccfdbe82188cd00ab2047 |
bind-utils-9.2.4-28.el4.s390x.rpm | SHA-256: 2db279c7a0dc22d9df43fc19e6cf727c58cd046d0dd40566d26fb05035c63180 |
s390 | |
bind-9.2.4-28.el4.s390.rpm | SHA-256: 7622f9a579bb688cdebb391938f53e30766eb9dd9c8c4ba1e5b7c31a210f0411 |
bind-chroot-9.2.4-28.el4.s390.rpm | SHA-256: ba847efd5570015d188103eee7b63bad5e91e59259999d7c5d2532a2c4e612d6 |
bind-devel-9.2.4-28.el4.s390.rpm | SHA-256: 79953c80a0266f9dd5e2251b265dad934ec70211e9d4eaa92a130b2c0622a1fe |
bind-libs-9.2.4-28.el4.s390.rpm | SHA-256: 4cd17636a57940ff032a48070f91f9a5fdbc83496111d2aa9ae56c7b712f9815 |
bind-utils-9.2.4-28.el4.s390.rpm | SHA-256: e5b419a36639c25f0c7aebc2225aa64aea6bca7ae98c2b57875a1d66d4562cd7 |
Red Hat Enterprise Linux for Power, big endian 4
SRPM | |
---|---|
bind-9.2.4-28.el4.src.rpm | SHA-256: 075b4dd21e377a9fddb7bff40575cc296aa46c7c03038783acff7a974a687f22 |
ppc | |
bind-9.2.4-28.el4.ppc.rpm | SHA-256: 46fc0550b3b52798dc46d365e90931c8d029c8c49be02a8d70b9aa624b295d87 |
bind-chroot-9.2.4-28.el4.ppc.rpm | SHA-256: b101911e6226e67c42c20d6fb6e9bd19bb1b6181d233445b69840e67ecdb2ae1 |
bind-devel-9.2.4-28.el4.ppc.rpm | SHA-256: 45e8f2888b373456d82d9196a713fd535dd781460a0eeed00cde40dd3e3547b1 |
bind-libs-9.2.4-28.el4.ppc.rpm | SHA-256: 8322b08a583fe0ada9c66d04e95eca1e9a06560d41c063d17282613ee0ed6763 |
bind-libs-9.2.4-28.el4.ppc64.rpm | SHA-256: d568dff6e20ca427bdf4c7d74a3e19146123c5f79be94d716a38e49938d3c062 |
bind-utils-9.2.4-28.el4.ppc.rpm | SHA-256: bb3494c3caea1f3556ffc95a78d958753878b9b709c6bd9a02f5c17171e49c56 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.