- Issued:
- 2009-01-20
- Updated:
- 2009-01-20
RHBA-2009:0246 - Bug Fix Advisory
Synopsis
bind bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated bind packages that resolve several issues are now available for Red
Hat Enterprise Linux 5.
Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.
These updated bind packages provide fixes for the following bugs:
- the bind-chroot-admin script did not preserve the user-supplied chroot
directory. Any user-supplied value for ROOTDIR was reset to the default
ROOTDIR during a bind-chroot update. As a result, name servers could
silently fail in a way which was difficult to diagnose. This updated
version of BIND will not reset user-supplied ROOTDIR values.
Note: It is not necessary to run the named daemon in a chroot environment
if the Red Hat SELinux policy for named is enabled. When enabled, this
policy is far more secure than a chroot environment. Users are recommended
to enable SELinux and remove the bind-chroot package.
- if the user provided incorrect syntax to the "rndc reload" command, named
could crash. On receiving incorrect syntax for "rndc reload", the version
of rndc provided with this advisory will report an error but will not crash
named.
- previously, the open files limit was set to 1000 by default. On
high-volume servers, this could lead to TCP queries timing out. The version
of BIND provided with this advisory has the open files limit set to
"unlimited" by default.
Note that previous documentation stated that the open files limit was set
to "unlimited", even though this was not the case.
- the bind-sdb installation script set the ownership of the
/etc/openldap/slapd.conf configuration file to "root" when it should have
been set to "ldap". This incorrect permission prevented the slapd daemon
from starting. The version of the script included in this update sets the
file owner correctly, thus allowing slapd to start.
- although BIND itself included support for the "krb5-self" and
"krb5-subdomain" options, this support was missing from the configuration
file parser. This made it impossible to configure BIND to use these
options. These updated bind packages now recognize these options.
- these updated bind packages provide a modified "named" init script in
which the reload() function returns an error status the reload failed.
- previously, permissions on BIND executables were set so that the files
could not be read or executed by users in the "others" group. This required
users to have elevated privileges in order to use BIND utilities such as
rndc. These permissions have been revised in this updated version of BIND
so that users in the "others" group may execute them. However, the
configuration files remain protected.
All users of bind are advised to upgrade to these updated packages, which
resolve these issues.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 437789 - bind install script changes the group owner of /etc/openldap/slapd.conf
- BZ - 441495 - No reason for bind binaries to be protected
- BZ - 451450 - bind-chroot update overwrites user supplied ROOTDIR setting
- BZ - 457533 - named crashes on incorrect usage of rndc reload command
- BZ - 457932 - Bind doesn't support krb5-self and krb5-subdomain options of the update-policy clause
- BZ - 458932 - named TCP connections hang
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
bind-9.3.4-10.P1.el5.src.rpm | SHA-256: 2908898969f694d1a0d1da1d13700e404e0765b91df03d0c239e771ab0458fe9 |
x86_64 | |
bind-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: d0b1818a0c6fa788919a5163777060582ddfffd1997bcb8012607849292682f7 |
bind-chroot-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: aa56270cfb81e9b6c20145fa4e9e1369a35eba385cda118f6738bd1faf09dedb |
bind-devel-9.3.4-10.P1.el5.i386.rpm | SHA-256: 16363f06a5ea8ea55e7f60c820df25ed5a89b4a81fd9b1a91d9b2084dd83445b |
bind-devel-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: f8c273252c3887aabc9adb8e6ebe34d772621d4fc7130a74690de0d668858970 |
bind-libbind-devel-9.3.4-10.P1.el5.i386.rpm | SHA-256: 9526ad9b2dc84c5fe831ae52c0cbd69442faf566c50b7491329e240f5d270091 |
bind-libbind-devel-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 73f22ba71b930d0bb657b27e8e76029a5e2b7d219df2fd94263ea6f05bcf2b74 |
bind-libs-9.3.4-10.P1.el5.i386.rpm | SHA-256: 7381f11ddb1a515a2742a778a788a52fe7d0960d660ce6d1bbc716c9b1e4f73f |
bind-libs-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 4fae85d1eb7d854814986f8400c12c6237a59448ce1a8d8b50ce719411c6a391 |
bind-sdb-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 1d2a531fd3c7b579cc40d0998303b8228514653a4a0005050bc80b9212ef2627 |
bind-utils-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 26b52de19c9c342917de6e4d5632e30255a34c8cc88337209c386a0e28a284c3 |
caching-nameserver-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 38e2ef901560f3c851c3a7c8fd599f236d4f1e0311329c25a3d08e1b484f2254 |
ia64 | |
bind-9.3.4-10.P1.el5.ia64.rpm | SHA-256: 26b83b7571c3137cc13199596b6f087daaeec0fd5a6247b31608fb09dee1edb7 |
bind-chroot-9.3.4-10.P1.el5.ia64.rpm | SHA-256: b610cf974ce356e9b7a51ab91a61292f3532ab55fe86559ae7a573f6b0d469e5 |
bind-devel-9.3.4-10.P1.el5.ia64.rpm | SHA-256: c9b38d4ee277e60d16443b3201b02faf73ace08413d60bf3874bf4a359aaf42e |
bind-libbind-devel-9.3.4-10.P1.el5.ia64.rpm | SHA-256: 71f243e6afea82914084ff3ebf2b405e17753d6aafab3bab75042c852ccc4ba4 |
bind-libs-9.3.4-10.P1.el5.i386.rpm | SHA-256: 7381f11ddb1a515a2742a778a788a52fe7d0960d660ce6d1bbc716c9b1e4f73f |
bind-libs-9.3.4-10.P1.el5.ia64.rpm | SHA-256: 3108d99954140e9a296876890d8101a8ad647a009b9cc89e2bfdcb4f834309d2 |
bind-sdb-9.3.4-10.P1.el5.ia64.rpm | SHA-256: 51ccf283754363e9ab537e7ea03eb50b0e906b925731c33a1480e8a0d3a00df9 |
bind-utils-9.3.4-10.P1.el5.ia64.rpm | SHA-256: caca04dd4d37da9e8386ef87a9d4dd45fcdf02d7325e615d99e0ff4fdbad80fd |
caching-nameserver-9.3.4-10.P1.el5.ia64.rpm | SHA-256: 75f80357b8bd951a0493aac3cf93a3388142e51bf2ba182e4972625b43ec25af |
i386 | |
bind-9.3.4-10.P1.el5.i386.rpm | SHA-256: 35daa98fb912374aa6b00ed7eb5139b2459542d89d6df06dfdd5e0c8887b2184 |
bind-chroot-9.3.4-10.P1.el5.i386.rpm | SHA-256: 99eb1fa27e91d2480d998ac5a861236bc35e1e28396d463d78ca01ca956b53a4 |
bind-devel-9.3.4-10.P1.el5.i386.rpm | SHA-256: 16363f06a5ea8ea55e7f60c820df25ed5a89b4a81fd9b1a91d9b2084dd83445b |
bind-libbind-devel-9.3.4-10.P1.el5.i386.rpm | SHA-256: 9526ad9b2dc84c5fe831ae52c0cbd69442faf566c50b7491329e240f5d270091 |
bind-libs-9.3.4-10.P1.el5.i386.rpm | SHA-256: 7381f11ddb1a515a2742a778a788a52fe7d0960d660ce6d1bbc716c9b1e4f73f |
bind-sdb-9.3.4-10.P1.el5.i386.rpm | SHA-256: c4b8b23291b551c76d94a69e4b008137d5815e21b19416205a271ac1e1bc086a |
bind-utils-9.3.4-10.P1.el5.i386.rpm | SHA-256: dd5829bfaff5160db1a46e8bd0e59ec46032293617a40e587790cf42b9a9c072 |
caching-nameserver-9.3.4-10.P1.el5.i386.rpm | SHA-256: c3a8e111cc6f9137821dba0244e0a158fcc23504eb409acf0b38ab7ed2046970 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
bind-9.3.4-10.P1.el5.src.rpm | SHA-256: 2908898969f694d1a0d1da1d13700e404e0765b91df03d0c239e771ab0458fe9 |
x86_64 | |
bind-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: d0b1818a0c6fa788919a5163777060582ddfffd1997bcb8012607849292682f7 |
bind-chroot-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: aa56270cfb81e9b6c20145fa4e9e1369a35eba385cda118f6738bd1faf09dedb |
bind-devel-9.3.4-10.P1.el5.i386.rpm | SHA-256: 16363f06a5ea8ea55e7f60c820df25ed5a89b4a81fd9b1a91d9b2084dd83445b |
bind-devel-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: f8c273252c3887aabc9adb8e6ebe34d772621d4fc7130a74690de0d668858970 |
bind-libbind-devel-9.3.4-10.P1.el5.i386.rpm | SHA-256: 9526ad9b2dc84c5fe831ae52c0cbd69442faf566c50b7491329e240f5d270091 |
bind-libbind-devel-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 73f22ba71b930d0bb657b27e8e76029a5e2b7d219df2fd94263ea6f05bcf2b74 |
bind-libs-9.3.4-10.P1.el5.i386.rpm | SHA-256: 7381f11ddb1a515a2742a778a788a52fe7d0960d660ce6d1bbc716c9b1e4f73f |
bind-libs-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 4fae85d1eb7d854814986f8400c12c6237a59448ce1a8d8b50ce719411c6a391 |
bind-sdb-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 1d2a531fd3c7b579cc40d0998303b8228514653a4a0005050bc80b9212ef2627 |
bind-utils-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 26b52de19c9c342917de6e4d5632e30255a34c8cc88337209c386a0e28a284c3 |
caching-nameserver-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 38e2ef901560f3c851c3a7c8fd599f236d4f1e0311329c25a3d08e1b484f2254 |
i386 | |
bind-9.3.4-10.P1.el5.i386.rpm | SHA-256: 35daa98fb912374aa6b00ed7eb5139b2459542d89d6df06dfdd5e0c8887b2184 |
bind-chroot-9.3.4-10.P1.el5.i386.rpm | SHA-256: 99eb1fa27e91d2480d998ac5a861236bc35e1e28396d463d78ca01ca956b53a4 |
bind-devel-9.3.4-10.P1.el5.i386.rpm | SHA-256: 16363f06a5ea8ea55e7f60c820df25ed5a89b4a81fd9b1a91d9b2084dd83445b |
bind-libbind-devel-9.3.4-10.P1.el5.i386.rpm | SHA-256: 9526ad9b2dc84c5fe831ae52c0cbd69442faf566c50b7491329e240f5d270091 |
bind-libs-9.3.4-10.P1.el5.i386.rpm | SHA-256: 7381f11ddb1a515a2742a778a788a52fe7d0960d660ce6d1bbc716c9b1e4f73f |
bind-sdb-9.3.4-10.P1.el5.i386.rpm | SHA-256: c4b8b23291b551c76d94a69e4b008137d5815e21b19416205a271ac1e1bc086a |
bind-utils-9.3.4-10.P1.el5.i386.rpm | SHA-256: dd5829bfaff5160db1a46e8bd0e59ec46032293617a40e587790cf42b9a9c072 |
caching-nameserver-9.3.4-10.P1.el5.i386.rpm | SHA-256: c3a8e111cc6f9137821dba0244e0a158fcc23504eb409acf0b38ab7ed2046970 |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
bind-9.3.4-10.P1.el5.src.rpm | SHA-256: 2908898969f694d1a0d1da1d13700e404e0765b91df03d0c239e771ab0458fe9 |
x86_64 | |
bind-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: d0b1818a0c6fa788919a5163777060582ddfffd1997bcb8012607849292682f7 |
bind-libs-9.3.4-10.P1.el5.i386.rpm | SHA-256: 7381f11ddb1a515a2742a778a788a52fe7d0960d660ce6d1bbc716c9b1e4f73f |
bind-libs-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 4fae85d1eb7d854814986f8400c12c6237a59448ce1a8d8b50ce719411c6a391 |
bind-sdb-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 1d2a531fd3c7b579cc40d0998303b8228514653a4a0005050bc80b9212ef2627 |
bind-utils-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 26b52de19c9c342917de6e4d5632e30255a34c8cc88337209c386a0e28a284c3 |
i386 | |
bind-9.3.4-10.P1.el5.i386.rpm | SHA-256: 35daa98fb912374aa6b00ed7eb5139b2459542d89d6df06dfdd5e0c8887b2184 |
bind-libs-9.3.4-10.P1.el5.i386.rpm | SHA-256: 7381f11ddb1a515a2742a778a788a52fe7d0960d660ce6d1bbc716c9b1e4f73f |
bind-sdb-9.3.4-10.P1.el5.i386.rpm | SHA-256: c4b8b23291b551c76d94a69e4b008137d5815e21b19416205a271ac1e1bc086a |
bind-utils-9.3.4-10.P1.el5.i386.rpm | SHA-256: dd5829bfaff5160db1a46e8bd0e59ec46032293617a40e587790cf42b9a9c072 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
bind-9.3.4-10.P1.el5.src.rpm | SHA-256: 2908898969f694d1a0d1da1d13700e404e0765b91df03d0c239e771ab0458fe9 |
s390x | |
bind-9.3.4-10.P1.el5.s390x.rpm | SHA-256: 41c8a8abeb964217b327f67321306a13e0b84e967a3644305885c415ba76e5ef |
bind-chroot-9.3.4-10.P1.el5.s390x.rpm | SHA-256: 8c1b4418cfd04332c3026dc2679593f3f3200c897109f472e797a80619d3e0d7 |
bind-devel-9.3.4-10.P1.el5.s390.rpm | SHA-256: c05bde1af0ec3cadec9424a5d5dbcc8ee673a4e0494f72b67f6d38631171ad33 |
bind-devel-9.3.4-10.P1.el5.s390x.rpm | SHA-256: 8c0e1cc08c10d8a85bdd7d6709d3f5ace883fc3939f304091678331211f5cfc3 |
bind-libbind-devel-9.3.4-10.P1.el5.s390.rpm | SHA-256: 6f724eca9e11fc27243fa7f71880d36b02eaa9cab522e2f9b83df291399071fd |
bind-libbind-devel-9.3.4-10.P1.el5.s390x.rpm | SHA-256: 7214045b9ee7cb81ca3c8f91efbe1246ef16bd59ed0a234f580f250a4a4f82ad |
bind-libs-9.3.4-10.P1.el5.s390.rpm | SHA-256: 6dac75acae0e03c5f5f5acae16b2c49fb8e489c77e277f8223328cfcaf2a3512 |
bind-libs-9.3.4-10.P1.el5.s390x.rpm | SHA-256: 727fa585c0a149cdc3458bebbdeb72e2f40c43920aa12a215e1ecb5dbbd7d086 |
bind-sdb-9.3.4-10.P1.el5.s390x.rpm | SHA-256: 5f657f51e460ffaab747c4c1b014a8af706ff69174d2eb55e75992c56bbe8400 |
bind-utils-9.3.4-10.P1.el5.s390x.rpm | SHA-256: 4d77737806c8c65afba396bde3343bb88eeeea441130fc2f3c15952248493899 |
caching-nameserver-9.3.4-10.P1.el5.s390x.rpm | SHA-256: 72a12d40cc327d064ce1863df2a935a4fcd95c07d2732e7f5d84d95dfc74eba7 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
bind-9.3.4-10.P1.el5.src.rpm | SHA-256: 2908898969f694d1a0d1da1d13700e404e0765b91df03d0c239e771ab0458fe9 |
ppc | |
bind-9.3.4-10.P1.el5.ppc.rpm | SHA-256: d79c6b02bdd15fdb7a1fe3bf7c63a54824e418bdfaad89ab1fd86e5d78c6b0c4 |
bind-chroot-9.3.4-10.P1.el5.ppc.rpm | SHA-256: e8a9e970748ee2f796059bcf2a166afd80fa224c18e1955298598f707cf9f1a2 |
bind-devel-9.3.4-10.P1.el5.ppc.rpm | SHA-256: c5a9958aef2fb1a86ccc25fcd34b32a004ed98fb3f75df73e47179536a0f2bc2 |
bind-devel-9.3.4-10.P1.el5.ppc64.rpm | SHA-256: 973e770b1e1bd16e407659a967e715a83f48c3437fbb1271a6cc5359c0e226aa |
bind-libbind-devel-9.3.4-10.P1.el5.ppc.rpm | SHA-256: b6d0648d53ffd9a8029b50177e5a3d35e4ec0fd705ac03015a64c1eb65998a84 |
bind-libbind-devel-9.3.4-10.P1.el5.ppc64.rpm | SHA-256: 2fbec89d3702e1139193f37ebc3de30dd62b4025297af9dfb229382c81a343ec |
bind-libs-9.3.4-10.P1.el5.ppc.rpm | SHA-256: 2821f4008d013f207ef092efcb982c67400bfd3b3d6cc30b422fe6d2d8da5ef5 |
bind-libs-9.3.4-10.P1.el5.ppc64.rpm | SHA-256: cc0ee59c05d1acd8eb5693585af6f382bb7e1bb5ccfd3a9dee35e1b060f9300a |
bind-sdb-9.3.4-10.P1.el5.ppc.rpm | SHA-256: ccba4d9265aea5f9f4b518d7914712153d8e67afee164e61aae4c754309bb672 |
bind-utils-9.3.4-10.P1.el5.ppc.rpm | SHA-256: 49498492358d9a825e400bec29da5a4a8c6c95fdd6abb5534dbd2a8ef1f49fab |
caching-nameserver-9.3.4-10.P1.el5.ppc.rpm | SHA-256: 81509ef86bab86c1251b4b89ff1ea245ab33b4549c6391650dfa34df7c5525f3 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
bind-9.3.4-10.P1.el5.src.rpm | SHA-256: 2908898969f694d1a0d1da1d13700e404e0765b91df03d0c239e771ab0458fe9 |
x86_64 | |
bind-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: d0b1818a0c6fa788919a5163777060582ddfffd1997bcb8012607849292682f7 |
bind-chroot-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: aa56270cfb81e9b6c20145fa4e9e1369a35eba385cda118f6738bd1faf09dedb |
bind-devel-9.3.4-10.P1.el5.i386.rpm | SHA-256: 16363f06a5ea8ea55e7f60c820df25ed5a89b4a81fd9b1a91d9b2084dd83445b |
bind-devel-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: f8c273252c3887aabc9adb8e6ebe34d772621d4fc7130a74690de0d668858970 |
bind-libbind-devel-9.3.4-10.P1.el5.i386.rpm | SHA-256: 9526ad9b2dc84c5fe831ae52c0cbd69442faf566c50b7491329e240f5d270091 |
bind-libbind-devel-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 73f22ba71b930d0bb657b27e8e76029a5e2b7d219df2fd94263ea6f05bcf2b74 |
bind-libs-9.3.4-10.P1.el5.i386.rpm | SHA-256: 7381f11ddb1a515a2742a778a788a52fe7d0960d660ce6d1bbc716c9b1e4f73f |
bind-libs-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 4fae85d1eb7d854814986f8400c12c6237a59448ce1a8d8b50ce719411c6a391 |
bind-sdb-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 1d2a531fd3c7b579cc40d0998303b8228514653a4a0005050bc80b9212ef2627 |
bind-utils-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 26b52de19c9c342917de6e4d5632e30255a34c8cc88337209c386a0e28a284c3 |
caching-nameserver-9.3.4-10.P1.el5.x86_64.rpm | SHA-256: 38e2ef901560f3c851c3a7c8fd599f236d4f1e0311329c25a3d08e1b484f2254 |
i386 | |
bind-9.3.4-10.P1.el5.i386.rpm | SHA-256: 35daa98fb912374aa6b00ed7eb5139b2459542d89d6df06dfdd5e0c8887b2184 |
bind-chroot-9.3.4-10.P1.el5.i386.rpm | SHA-256: 99eb1fa27e91d2480d998ac5a861236bc35e1e28396d463d78ca01ca956b53a4 |
bind-devel-9.3.4-10.P1.el5.i386.rpm | SHA-256: 16363f06a5ea8ea55e7f60c820df25ed5a89b4a81fd9b1a91d9b2084dd83445b |
bind-libbind-devel-9.3.4-10.P1.el5.i386.rpm | SHA-256: 9526ad9b2dc84c5fe831ae52c0cbd69442faf566c50b7491329e240f5d270091 |
bind-libs-9.3.4-10.P1.el5.i386.rpm | SHA-256: 7381f11ddb1a515a2742a778a788a52fe7d0960d660ce6d1bbc716c9b1e4f73f |
bind-sdb-9.3.4-10.P1.el5.i386.rpm | SHA-256: c4b8b23291b551c76d94a69e4b008137d5815e21b19416205a271ac1e1bc086a |
bind-utils-9.3.4-10.P1.el5.i386.rpm | SHA-256: dd5829bfaff5160db1a46e8bd0e59ec46032293617a40e587790cf42b9a9c072 |
caching-nameserver-9.3.4-10.P1.el5.i386.rpm | SHA-256: c3a8e111cc6f9137821dba0244e0a158fcc23504eb409acf0b38ab7ed2046970 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.