Skip to navigation

Security Advisory Important: bind-dyndb-ldap security update

Advisory: RHSA-2012:1139-1
Type: Security Advisory
Severity: Important
Issued on: 2012-08-03
Last updated on: 2012-08-03
Affected Products: Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.3.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-3429

Details

An updated bind-dyndb-ldap package that fixes one security issue is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The dynamic LDAP back end is a plug-in for BIND that provides back-end
capabilities to LDAP databases. It features support for dynamic updates and
internal caching that help to reduce the load on LDAP servers.

A flaw was found in the way bind-dyndb-ldap performed the escaping of names
from DNS requests for use in LDAP queries. A remote attacker able to send
DNS queries to a named server that is configured to use bind-dyndb-ldap
could use this flaw to cause named to exit unexpectedly with an assertion
failure. (CVE-2012-3429)

Red Hat would like to thank Sigbjorn Lie of Atea Norway for reporting this
issue.

All bind-dyndb-ldap users should upgrade to this updated package, which
contains a backported patch to correct this issue. For the update to take
effect, the named service must be restarted.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Server (v. 6)

SRPMS:
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm
File outdated by:  RHBA-2013:1636
    MD5: 08c26aff14a70b15e0ca2aa6b2e67d92
SHA-256: 20a1a42505e7ff6dc69ea8b8b9ea14e5a8943f7dbea09e08f15cae7cf7bfdd8e
 
IA-32:
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.i686.rpm
File outdated by:  RHBA-2013:1636
    MD5: 6c23f16705853ac029f08f7545b2cd96
SHA-256: c2a6fcf68e1c8cca16730144c7edb465417fcbe8d58fb59b6450ad726e4e8205
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.i686.rpm
File outdated by:  RHBA-2013:1636
    MD5: 065fa409b1da92b4811e1ff47846be67
SHA-256: 5820008b85df4abdb90be9ab5af4197cc0b43e45257d6955db6aaa7c34086e02
 
PPC:
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.ppc64.rpm
File outdated by:  RHBA-2013:1636
    MD5: 7d14b46f9e1291d4c120bc501e4899e0
SHA-256: 624d52fc317c879513099f641360dc7d643e8bba7852d2d7fc02933d79aae1eb
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.ppc64.rpm
File outdated by:  RHBA-2013:1636
    MD5: 824602fe21c18bc695c00033e784d388
SHA-256: 7343adfcd615b7f909b1505dba6d3aadf6e2157791b2cb767ad36467ec0c8537
 
s390x:
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.s390x.rpm
File outdated by:  RHBA-2013:1636
    MD5: 2f849bb255de69e286b6c546e8c5eadc
SHA-256: 8e66fa4b9504c93eee96d0a9f926924ac97c3677374125fe7140a933ba2565f4
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.s390x.rpm
File outdated by:  RHBA-2013:1636
    MD5: 57a78b96c1ea1d4eb2a4542b8e579f6a
SHA-256: d27bac52092de61e2bc69969ef27f4fbc0c11d0f388baf959c38d2477f46227e
 
x86_64:
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.x86_64.rpm
File outdated by:  RHBA-2013:1636
    MD5: 32e24169e96d8db6afc7681769d9cdb6
SHA-256: dacb474a9be104ed2078954b956c9139ee65fe063b467a13ce0cfa0334ed102a
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.x86_64.rpm
File outdated by:  RHBA-2013:1636
    MD5: ca3ae7ea034d20e46679a200c1aebbda
SHA-256: 0518c9e0f5adaa14b8fde599d76fa6a7f27a2327fadff78ef842ee8a941dbcf3
 
Red Hat Enterprise Linux Server EUS (v. 6.3.z)

SRPMS:
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm
File outdated by:  RHBA-2013:1636
    MD5: 08c26aff14a70b15e0ca2aa6b2e67d92
SHA-256: 20a1a42505e7ff6dc69ea8b8b9ea14e5a8943f7dbea09e08f15cae7cf7bfdd8e
 
IA-32:
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.i686.rpm     MD5: 6c23f16705853ac029f08f7545b2cd96
SHA-256: c2a6fcf68e1c8cca16730144c7edb465417fcbe8d58fb59b6450ad726e4e8205
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.i686.rpm     MD5: 065fa409b1da92b4811e1ff47846be67
SHA-256: 5820008b85df4abdb90be9ab5af4197cc0b43e45257d6955db6aaa7c34086e02
 
PPC:
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.ppc64.rpm     MD5: 7d14b46f9e1291d4c120bc501e4899e0
SHA-256: 624d52fc317c879513099f641360dc7d643e8bba7852d2d7fc02933d79aae1eb
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.ppc64.rpm     MD5: 824602fe21c18bc695c00033e784d388
SHA-256: 7343adfcd615b7f909b1505dba6d3aadf6e2157791b2cb767ad36467ec0c8537
 
s390x:
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.s390x.rpm     MD5: 2f849bb255de69e286b6c546e8c5eadc
SHA-256: 8e66fa4b9504c93eee96d0a9f926924ac97c3677374125fe7140a933ba2565f4
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.s390x.rpm     MD5: 57a78b96c1ea1d4eb2a4542b8e579f6a
SHA-256: d27bac52092de61e2bc69969ef27f4fbc0c11d0f388baf959c38d2477f46227e
 
x86_64:
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.x86_64.rpm     MD5: 32e24169e96d8db6afc7681769d9cdb6
SHA-256: dacb474a9be104ed2078954b956c9139ee65fe063b467a13ce0cfa0334ed102a
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.x86_64.rpm     MD5: ca3ae7ea034d20e46679a200c1aebbda
SHA-256: 0518c9e0f5adaa14b8fde599d76fa6a7f27a2327fadff78ef842ee8a941dbcf3
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm
File outdated by:  RHBA-2013:1636
    MD5: 08c26aff14a70b15e0ca2aa6b2e67d92
SHA-256: 20a1a42505e7ff6dc69ea8b8b9ea14e5a8943f7dbea09e08f15cae7cf7bfdd8e
 
IA-32:
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.i686.rpm
File outdated by:  RHBA-2013:1636
    MD5: 6c23f16705853ac029f08f7545b2cd96
SHA-256: c2a6fcf68e1c8cca16730144c7edb465417fcbe8d58fb59b6450ad726e4e8205
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.i686.rpm
File outdated by:  RHBA-2013:1636
    MD5: 065fa409b1da92b4811e1ff47846be67
SHA-256: 5820008b85df4abdb90be9ab5af4197cc0b43e45257d6955db6aaa7c34086e02
 
x86_64:
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.x86_64.rpm
File outdated by:  RHBA-2013:1636
    MD5: 32e24169e96d8db6afc7681769d9cdb6
SHA-256: dacb474a9be104ed2078954b956c9139ee65fe063b467a13ce0cfa0334ed102a
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.x86_64.rpm
File outdated by:  RHBA-2013:1636
    MD5: ca3ae7ea034d20e46679a200c1aebbda
SHA-256: 0518c9e0f5adaa14b8fde599d76fa6a7f27a2327fadff78ef842ee8a941dbcf3
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

842466 - CVE-2012-3429 bind-dyndb-ldap: named DoS via DNS query with $ in name


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/