Security Advisory Moderate: bind security update

Advisory: RHSA-2010:0062-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-01-20
Last updated on: 2010-01-20
Affected Products: RHEL Desktop Workstation (v. 5 client), Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 5 client), Red Hat Enterprise Linux EUS (v. 5.4.z server)
CVEs (cve.mitre.org): CVE-2010-0097, CVE-2010-0290, CVE-2010-0382

Details

Updated bind packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was
running as a DNSSEC-validating resolver, it could incorrectly cache
NXDOMAIN responses, as if they were valid, for records proven by NSEC or
NSEC3 to exist. A remote attacker could use this flaw to cause a BIND
server to return the bogus, cached NXDOMAIN responses for valid records and
prevent users from retrieving those records (denial of service).
(CVE-2010-0097)

The original fix for CVE-2009-4022 was found to be incomplete. BIND was
incorrectly caching certain responses without performing proper DNSSEC
validation. CNAME and DNAME records could be cached, without proper DNSSEC
validation, when received from processing recursive client queries that
requested DNSSEC records but indicated that checking should be disabled. A
remote attacker could use this flaw to bypass the DNSSEC validation check
and perform a cache poisoning attack if the target BIND server was
receiving such client queries. (CVE-2010-0290)
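
The query pattern described for CVE-2010-0290 (DNSSEC records requested, checking disabled) corresponds on the wire to the DO bit in the EDNS0 OPT record together with the CD bit in the DNS header. The following is an added example, not part of the original advisory: it parses raw query bytes and reports that combination so such queries can be counted in captured resolver traffic. The function names and the sample query are constructed for illustration.

```python
import struct

CD_FLAG = 0x0010   # "Checking Disabled" bit in the DNS header flags
DO_FLAG = 0x8000   # "DNSSEC OK" bit in the flags half of the EDNS0 OPT TTL field
TYPE_OPT = 41      # EDNS0 OPT pseudo-record type

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def dnssec_query_flags(msg):
    """Return (do_bit, cd_bit) for a raw DNS message; ValueError if malformed."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, do_bit = 12, False
    try:
        for _ in range(qd):
            off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
        for _ in range(an + ns + ar):
            off = skip_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if rtype == TYPE_OPT:
                do_bit = bool(ttl & DO_FLAG)
    except (IndexError, struct.error):
        raise ValueError("malformed DNS message") from None
    return do_bit, bool(flags & CD_FLAG)

def requests_unvalidated_dnssec(msg):
    """True for the DO=1, CD=1 query pattern described for CVE-2010-0290."""
    return dnssec_query_flags(msg) == (True, True)

def build_query(name, cd, do):
    """Constructed sample input: recursive A query carrying an OPT record."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!6H", 0x1234, 0x0100 | (CD_FLAG if cd else 0), 1, 0, 0, 1)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, DO_FLAG if do else 0, 0)
    return header + qname + struct.pack("!HH", 1, 1) + opt

if __name__ == "__main__":
    for cd, do in [(False, False), (False, True), (True, True)]:
        q = build_query("www.example.com", cd, do)
        print(f"CD={cd} DO={do} flagged={requests_unvalidated_dnssec(q)}")
```

A resolver that receives no DO+CD client queries was not exposed to the caching path described above, so the count from real traffic helps prioritise which servers to update first.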

All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

SRPMS:
bind-9.3.6-4.P1.el5_4.2.src.rpm
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

554851 - CVE-2010-0097 BIND DNSSEC NSEC/NSEC3 validation code could cause bogus NXDOMAIN responses
557121 - CVE-2010-0290 BIND upstream fix for CVE-2009-4022 is incomplete


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/