Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 536
Alerts This Week
Warning Icon 1 536

Scientific Linux 3, 4, 5: Important BIND Update for DNS Security Risks

Scientific Large Esm H446
Important: bind security update
Date: Fri, 11 Jul 2008 15:58:48 -0500
Reply-To: Connie Sieh 
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: SECURITY errata for bind on SL 3.0.x, SL 4.x, SL 5.x
Comments: To: scientific 

Synopsis: Important: bind security update
CVE Names: CVE-2008-1447
Description:

The DNS protocol protects against spoofing attacks by requiring an attacker
to predict both the DNS transaction ID and UDP source port of a request. In
recent years, a number of papers have found problems with DNS
implementations which make it easier for an attacker to perform DNS
cache-poisoning attacks.

Previous versions of BIND did not use randomized UDP source ports. If an
attacker was able to predict the random DNS transaction ID, this could make
DNS cache-poisoning attacks easier. In order to provide more resilience,
BIND has been updated to use a range of random UDP source ports.
(CVE-2008-1447)

Note: This errata also updates SELinux policy to allow BIND to use random
UDP source ports.

SL 3:

Source:
 	bind-9.2.4-22.el3.src.rpm

x86_64:
 	bind-9.2.4-22.el3.x86_64.rpm
 	bind-chroot-9.2.4-22.el3.x86_64.rpm
 	bind-devel-9.2.4-22.el3.x86_64.rpm
 	bind-libs-9.2.4-22.el3.x86_64.rpm
 	bind-utils-9.2.4-22.el3.x86_64.rpm

SL 4:

Source:
 	bind-9.2.4-28.0.1.el4.src.rpm
 	selinux-policy-targeted-1.17.30-2.150.el4.src.rpm

i386:
 	bind-9.2.4-28.0.1.el4.i386.rpm
 	bind-chroot-9.2.4-28.0.1.el4.i386.rpm
 	bind-devel-9.2.4-28.0.1.el4.i386.rpm
 	bind-libs-9.2.4-28.0.1.el4.i386.rpm
 	bind-utils-9.2.4-28.0.1.el4.i386.rpm

noarch:
 	selinux-policy-targeted-1.17.30-2.150.el4.noarch.rpm
 	selinux-policy-targeted-sources-1.17.30-2.150.el4.noarch.rpm

x86_64:
 	bind-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-chroot-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-devel-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-libs-9.2.4-28.0.1.el4.i386.rpm
 	bind-libs-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-utils-9.2.4-28.0.1.el4.x86_64.rpm

x86_64:
 	bind-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-chroot-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-devel-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-libs-9.2.4-28.0.1.el4.i386.rpm
 	bind-libs-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-utils-9.2.4-28.0.1.el4.x86_64.rpm

SL 5:

Source:
 	bind-9.3.4-6.0.1.P1.el5_2.src.rpm
 	selinux-policy-2.4.6-137.1.el5_2.src.rpm

i386:
 	bind-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-chroot-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-libs-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-sdb-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-utils-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	caching-nameserver-9.3.4-6.0.1.P1.el5_2.i386.rpm

noarch:
 	selinux-policy-2.4.6-137.1.el5_2.noarch.rpm
 	selinux-policy-devel-2.4.6-137.1.el5_2.noarch.rpm
 	selinux-policy-mls-2.4.6-137.1.el5_2.noarch.rpm
 	selinux-policy-strict-2.4.6-137.1.el5_2.noarch.rpm
 	selinux-policy-targeted-2.4.6-137.1.el5_2.noarch.rpm

x86_64:
 	bind-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-chroot-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-devel-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-libs-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-libs-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-sdb-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-utils-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	caching-nameserver-9.3.4-6.0.1.P1.el5_2.x86_64.rpm

-Connie Sieh