Security Advisory Important: bind security update

Advisory: RHSA-2012:1365-1
Type: Security Advisory
Severity: Important
Issued on: 2012-10-12
Last updated on: 2012-10-12
Affected Products: Red Hat Enterprise Linux ELS (v. 4)
CVEs ( CVE-2012-4244


Updated bind packages that fix two security issues are now available for
Red Hat Enterprise Linux 4 Extended Life Cycle Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled resource records with a large
RDATA value. A malicious owner of a DNS domain could use this flaw to
create specially-crafted DNS resource records, that would cause a recursive
resolver or secondary server to exit unexpectedly with an assertion
failure. (CVE-2012-4244)

A flaw was found in the way BIND handled certain combinations of resource
records. A remote attacker could use this flaw to cause a recursive
resolver, or an authoritative server in certain configurations, to lockup.

Users of bind are advised to upgrade to these updated packages, which
correct these issues. After installing the update, the BIND daemon (named)
will be restarted automatically.


Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

Updated packages

Red Hat Enterprise Linux ELS (v. 4)

bind-9.2.4-41.el4.src.rpm     MD5: a630c64f9e0aaa0b27b63ef6a098496d
SHA-256: 1da09d2c68f308acd9e05c70341aef7a0f6c33e05f8bdd417a259e7cf8af6340
bind-9.2.4-41.el4.i386.rpm     MD5: b64c21da318134509b69aad1041985b2
SHA-256: 4105a74fe7d03ace4b107f41a11b9811990010248253f42cdd5a3fee23034633
bind-chroot-9.2.4-41.el4.i386.rpm     MD5: 4a836bdc104fec49353879c3294303aa
SHA-256: 3b456c8843961a4af433ab4d3a4bcb0b6f1d22102d1ba121efd37071d3073a78
bind-devel-9.2.4-41.el4.i386.rpm     MD5: cb5286378982d14fed2dc71915268969
SHA-256: 654159e30f35c605f110cfc6dca9926835a011e40e5d171a014095e5ffb0db28
bind-libs-9.2.4-41.el4.i386.rpm     MD5: 1ff83e06d29b73e0e22117a6a01dd27f
SHA-256: 4ea8c59a7bef64430ca589efc9bfe6b56f2de6403c5c8412d42f083c2bdf952b
bind-utils-9.2.4-41.el4.i386.rpm     MD5: 87392d4b50b399ae0c2cbe54edee3214
SHA-256: 930a8f3018816bb04a3e730f3e2cf056a536cbdae8b91d49ca3e690b1c53f40f
bind-9.2.4-41.el4.ia64.rpm     MD5: f1b2e78f87363fcbd969fde19bac46be
SHA-256: 11660bd9f69dc366d58e1066e2b2e4b590f3fab459896b70f3bb70ab0cd66396
bind-chroot-9.2.4-41.el4.ia64.rpm     MD5: 5be09f03d1cac25f8dccd44d74cd600b
SHA-256: adbfa436bb060166b08bd8e299908192dcebd26897bf4afc57ad5938b059e5a5
bind-devel-9.2.4-41.el4.ia64.rpm     MD5: a88130c5d01e3eb6571c2724558661ee
SHA-256: 42fce8a6d134f55d6ffc37817e5aa4d9722f85dae0d4761a03075b4242e61e1c
bind-libs-9.2.4-41.el4.i386.rpm     MD5: 1ff83e06d29b73e0e22117a6a01dd27f
SHA-256: 4ea8c59a7bef64430ca589efc9bfe6b56f2de6403c5c8412d42f083c2bdf952b
bind-libs-9.2.4-41.el4.ia64.rpm     MD5: 269383e001bdb214710c7c0a1279a162
SHA-256: 1ad57cea03a4370362b964458591f857e570882b788c317792f32af563b411d1
bind-utils-9.2.4-41.el4.ia64.rpm     MD5: 2e021c95229200b99a56f71a68861b45
SHA-256: 233ac00e5d6c38bb83177fb27d2743fc73989dc95651d296b60cb2789583f01e
bind-9.2.4-41.el4.x86_64.rpm     MD5: 97d13b5c6ed9b962d2652e532613b109
SHA-256: 6acae13499c09b91581fa4027a0788bdae46e8b84b565ecd126295cbcc51081a
bind-chroot-9.2.4-41.el4.x86_64.rpm     MD5: 84b280e82f294a4823dc9ac7cfb8368a
SHA-256: 57e359dc0d4b22d8151ce09bf9eba6879d9513458d895291c24a34e50e86d720
bind-devel-9.2.4-41.el4.x86_64.rpm     MD5: 1ed07c350d4584d62872e80a3920760e
SHA-256: 22bf2519f28631f2ca3b147ff609660446098c26334a9adb07252386587cc02c
bind-libs-9.2.4-41.el4.i386.rpm     MD5: 1ff83e06d29b73e0e22117a6a01dd27f
SHA-256: 4ea8c59a7bef64430ca589efc9bfe6b56f2de6403c5c8412d42f083c2bdf952b
bind-libs-9.2.4-41.el4.x86_64.rpm     MD5: a0b3661acd246fa831a49421b0b30624
SHA-256: af9ea4ae837dfdbfcec7cc3572a4b421159e8383e3d66df6e8f04df3d80ae551
bind-utils-9.2.4-41.el4.x86_64.rpm     MD5: 6a26afb6f1e33d85f6f0dfddd491eb25
SHA-256: fec3656321616f2ce2f57e41a69dd542a84d0113f304f68ecfa88d02f088783d
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

856754 - CVE-2012-4244 bind: specially crafted resource record causes named to exit
864273 - CVE-2012-5166 bind: Specially crafted DNS data can cause a lockup in named


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at