Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.
A flaw was discovered in the way BIND checked the return value of the
OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone
could present a malformed DSA certificate and bypass proper certificate
validation, allowing spoofing attacks. (CVE-2009-0025)
For users of Red Hat Enterprise Linux 3 this update also addresses a bug
which can cause BIND to occasionally exit with an assertion failure.
All BIND users are advised to upgrade to the updated package, which
contains a backported patch to resolve this issue. After installing the
update, BIND daemon will be restarted automatically.
https://www.cve.org/CVERecord?id=CVE-2009-0025 https://access.redhat.com/security/updates/classification#moderate
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :
Source:
i386:
bind-9.2.1-11.el2.i386.rpm
bind-devel-9.2.1-11.el2.i386.rpm
bind-utils-9.2.1-11.el2.i386.rpm
ia64:
bind-9.2.1-11.el2.ia64.rpm
bind-devel-9.2.1-11.el2.ia64.rpm
bind-utils-9.2.1-11.el2.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
Source:
ia64:
bind-9.2.1-11.el2.ia64.rpm
bind-devel-9.2.1-11.el2.ia64.rpm
bind-utils-9.2.1-11.el2.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
Source:
i386:
bind-9.2.1-11.el2.i386.rpm
bind-devel-9.2.1-11.el2.i386.rpm
bind-utils-9.2.1-11.el2.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
Source:
i386:
bind-9.2.1-11.el2.i386.rpm
bind-devel-9.2.1-11.el2.i386.rpm
bind-utils-9.2.1-11.el2.i386.rpm
Red Hat Enterprise Linux AS version 3:
Source:
i386:
bind-9.2.4-23.el3.i386.rpm
bind-chroot-9.2.4-23.el3.i386.rpm
bind-debuginfo-9.2.4-23.el3.i386.rpm
bind-devel-9.2.4-23.el3.i386.rpm
bind-libs-9.2.4-23.el3.i386.rpm
bind-utils-9.2.4-23.el3.i386.rpm
ia64:
bind-9.2.4-23.el3.ia64.rpm
bind-chroot-9.2.4-23.el3.ia64.rpm
bind-debuginfo-9.2.4-23.el3.ia64.rpm
bind-devel-9.2.4-23.el3.ia64.rpm
bind-libs-9.2.4-23.el3.ia64.rpm
bind-utils-9.2.4-23.el3.ia64.rpm
ppc:
bind-9.2.4-23.el3.ppc.rpm
bind-chroot-9.2.4-23.el3.ppc.rpm
Read the Full Advisory
Updated Bind packages to correct a security issue are now available for Red
Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
461047 - named dies due to assertion failure
478984 - CVE-2009-0025 bind: DSA_do_verify() returns check issue
Get the latest Linux and open source security news straight to your inbox.