Date:         Fri, 11 Jul 2008 15:58:48 -0500
Reply-To:     Connie Sieh 
Sender:       Security Errata for Scientific Linux
              
From:         Connie Sieh 
Subject:      SECURITY errata for bind on SL 3.0.x , SL 4.x, SL 5.x
Comments: To: scientific 

Synopsis:          Important: bind security update
CVE Names:         CVE-2008-1447
Description:

The DNS protocol protects against spoofing attacks by requiring an attacker
to predict both the DNS transaction ID and UDP source port of a request. In
recent years, a number of papers have found problems with DNS
implementations which make it easier for an attacker to perform DNS
cache-poisoning attacks.

Previous versions of BIND did not use randomized UDP source ports. If an
attacker was able to predict the random DNS transaction ID, this could make
DNS cache-poisoning attacks easier. In order to provide more resilience,
BIND has been updated to use a range of random UDP source ports.
(CVE-2008-1447)

Note: This errata also updates SELinux policy to allow BIND to use random
UDP source ports.

SL 3:

Source:
 	bind-9.2.4-22.el3.src.rpm

x86_64:
 	bind-9.2.4-22.el3.x86_64.rpm
 	bind-chroot-9.2.4-22.el3.x86_64.rpm
 	bind-devel-9.2.4-22.el3.x86_64.rpm
 	bind-libs-9.2.4-22.el3.x86_64.rpm
 	bind-utils-9.2.4-22.el3.x86_64.rpm

SL 4:

Source:
 	bind-9.2.4-28.0.1.el4.src.rpm
 	selinux-policy-targeted-1.17.30-2.150.el4.src.rpm

i386:
 	bind-9.2.4-28.0.1.el4.i386.rpm
 	bind-chroot-9.2.4-28.0.1.el4.i386.rpm
 	bind-devel-9.2.4-28.0.1.el4.i386.rpm
 	bind-libs-9.2.4-28.0.1.el4.i386.rpm
 	bind-utils-9.2.4-28.0.1.el4.i386.rpm

noarch:
 	selinux-policy-targeted-1.17.30-2.150.el4.noarch.rpm
 	selinux-policy-targeted-sources-1.17.30-2.150.el4.noarch.rpm

x86_64:
 	bind-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-chroot-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-devel-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-libs-9.2.4-28.0.1.el4.i386.rpm
 	bind-libs-9.2.4-28.0.1.el4.x86_64.rpm
 	bind-utils-9.2.4-28.0.1.el4.x86_64.rpm

SL 5:

Source:
 	bind-9.3.4-6.0.1.P1.el5_2.src.rpm
 	selinux-policy-2.4.6-137.1.el5_2.src.rpm

i386:
 	bind-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-chroot-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-libs-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-sdb-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-utils-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	caching-nameserver-9.3.4-6.0.1.P1.el5_2.i386.rpm

noarch:
 	selinux-policy-2.4.6-137.1.el5_2.noarch.rpm
 	selinux-policy-devel-2.4.6-137.1.el5_2.noarch.rpm
 	selinux-policy-mls-2.4.6-137.1.el5_2.noarch.rpm
 	selinux-policy-strict-2.4.6-137.1.el5_2.noarch.rpm
 	selinux-policy-targeted-2.4.6-137.1.el5_2.noarch.rpm

x86_64:
 	bind-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-chroot-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-devel-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-libbind-devel-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-libs-9.3.4-6.0.1.P1.el5_2.i386.rpm
 	bind-libs-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-sdb-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	bind-utils-9.3.4-6.0.1.P1.el5_2.x86_64.rpm
 	caching-nameserver-9.3.4-6.0.1.P1.el5_2.x86_64.rpm

-Connie Sieh
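
The following check is an added example, not part of the original errata or of BIND. It reads tcpdump-style lines of a resolver's outbound queries and reports whether the UDP source ports vary, which is the behaviour this update introduces. The resolver address, the capture lines and both thresholds are constructed assumptions.

```python
import re
import statistics

RESOLVER = "192.0.2.53"  # assumed resolver address (documentation range)

# Constructed tcpdump-style lines, not taken from the advisory.
BEFORE_UPDATE = """\
15:58:01.100 IP 192.0.2.53.32768 > 198.51.100.1.53: 4660+ A? example.org. (29)
15:58:01.130 IP 198.51.100.1.53 > 192.0.2.53.32768: 4660*- 1/0/0 A 192.0.2.10 (45)
15:58:01.240 IP 192.0.2.53.32768 > 198.51.100.7.53: 9021+ A? example.net. (29)
15:58:01.410 IP 192.0.2.53.32768 > 203.0.113.9.53: 1188+ MX? example.com. (29)
15:58:01.530 IP 192.0.2.53.32768 > 198.51.100.1.53: 60211+ A? www.example.org. (33)
"""
AFTER_UPDATE = """\
16:20:11.100 IP 192.0.2.53.51324 > 198.51.100.1.53: 4660+ A? example.org. (29)
16:20:11.240 IP 192.0.2.53.10877 > 198.51.100.7.53: 9021+ A? example.net. (29)
16:20:11.410 IP 192.0.2.53.33402 > 203.0.113.9.53: 1188+ MX? example.com. (29)
16:20:11.530 IP 192.0.2.53.60915 > 198.51.100.1.53: 60211+ A? www.example.org. (33)
"""

# Matches only packets whose destination port is 53, so replies are skipped.
QUERY = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")


def source_ports(capture, resolver_ip):
    """UDP source ports of queries that resolver_ip sent to port 53."""
    ports = []
    for line in capture.splitlines():
        m = QUERY.search(line)
        if m and m.group(1) == resolver_ip:
            ports.append(int(m.group(2)))
    return ports


def assess(ports, min_samples=4, min_stdev=300.0):
    """Classify port behaviour; both thresholds are illustrative assumptions."""
    if len(ports) < min_samples:
        return "INSUFFICIENT"
    if len(set(ports)) == 1:
        return "FIXED"        # one port: only the 16-bit transaction ID to guess
    if statistics.pstdev(ports) < min_stdev:
        return "LOW"          # e.g. sequential ports, still easy to predict
    return "RANDOMIZED"


if __name__ == "__main__":
    for name, cap in (("before", BEFORE_UPDATE), ("after", AFTER_UPDATE)):
        print(name, assess(source_ports(cap, RESOLVER)))
```

A NAT device between the resolver and the Internet can rewrite source ports, so take the capture on the outside of any NAT.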
