Date:         Thu, 8 Jan 2009 16:08:24 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for bind on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: bind security update
Issue date:	2009-01-08
CVE Names:	CVE-2009-0025

A flaw was discovered in the way BIND checked the return value of the
OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone
could present a malformed DSA certificate and bypass proper certificate
validation, allowing spoofing attacks. (CVE-2009-0025)

For users of Red Hat Enterprise Linux 3 this update also addresses a bug
which can cause BIND to occasionally exit with an assertion failure.

After installing theupdate, BIND daemon will be restarted automatically.

SL 3.0.x

      SRPMS:
bind-9.2.4-23.el3.src.rpm
      i386:
bind-9.2.4-23.el3.i386.rpm
bind-chroot-9.2.4-23.el3.i386.rpm
bind-devel-9.2.4-23.el3.i386.rpm
bind-libs-9.2.4-23.el3.i386.rpm
bind-utils-9.2.4-23.el3.i386.rpm
      x86_64:
bind-9.2.4-23.el3.x86_64.rpm
bind-chroot-9.2.4-23.el3.x86_64.rpm
bind-devel-9.2.4-23.el3.x86_64.rpm
bind-libs-9.2.4-23.el3.x86_64.rpm
bind-utils-9.2.4-23.el3.x86_64.rpm

SL 4.x

      SRPMS:
bind-9.2.4-30.el4_7.1.src.rpm
      i386:
bind-9.2.4-30.el4_7.1.i386.rpm
bind-chroot-9.2.4-30.el4_7.1.i386.rpm
bind-devel-9.2.4-30.el4_7.1.i386.rpm
bind-libs-9.2.4-30.el4_7.1.i386.rpm
bind-utils-9.2.4-30.el4_7.1.i386.rpm
      x86_64:
bind-9.2.4-30.el4_7.1.x86_64.rpm
bind-chroot-9.2.4-30.el4_7.1.x86_64.rpm
bind-devel-9.2.4-30.el4_7.1.x86_64.rpm
bind-libs-9.2.4-30.el4_7.1.i386.rpm
bind-libs-9.2.4-30.el4_7.1.x86_64.rpm
bind-utils-9.2.4-30.el4_7.1.x86_64.rpm

SL 5.x

      SRPMS:
bind-9.3.4-6.0.3.P1.el5_2.src.rpm
      i386:
bind-9.3.4-6.0.3.P1.el5_2.i386.rpm
bind-chroot-9.3.4-6.0.3.P1.el5_2.i386.rpm
bind-devel-9.3.4-6.0.3.P1.el5_2.i386.rpm
bind-libbind-devel-9.3.4-6.0.3.P1.el5_2.i386.rpm
bind-libs-9.3.4-6.0.3.P1.el5_2.i386.rpm
bind-sdb-9.3.4-6.0.3.P1.el5_2.i386.rpm
bind-utils-9.3.4-6.0.3.P1.el5_2.i386.rpm
caching-nameserver-9.3.4-6.0.3.P1.el5_2.i386.rpm
      x86_64:
bind-9.3.4-6.0.3.P1.el5_2.x86_64.rpm
bind-chroot-9.3.4-6.0.3.P1.el5_2.x86_64.rpm
bind-devel-9.3.4-6.0.3.P1.el5_2.i386.rpm
bind-devel-9.3.4-6.0.3.P1.el5_2.x86_64.rpm
bind-libbind-devel-9.3.4-6.0.3.P1.el5_2.i386.rpm
bind-libbind-devel-9.3.4-6.0.3.P1.el5_2.x86_64.rpm
bind-libs-9.3.4-6.0.3.P1.el5_2.i386.rpm
bind-libs-9.3.4-6.0.3.P1.el5_2.x86_64.rpm
bind-sdb-9.3.4-6.0.3.P1.el5_2.x86_64.rpm
bind-utils-9.3.4-6.0.3.P1.el5_2.x86_64.rpm
caching-nameserver-9.3.4-6.0.3.P1.el5_2.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-0025 bind SL3.x, SL4.x, SL5.x i386/x86_64

Moderate: bind security update

Summary

Date:         Thu, 8 Jan 2009 16:08:24 -0600Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA for bind on SL3.x, SL4.x, SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Moderate: bind security updateIssue date:	2009-01-08CVE Names:	CVE-2009-0025A flaw was discovered in the way BIND checked the return value of theOpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zonecould present a malformed DSA certificate and bypass proper certificatevalidation, allowing spoofing attacks. (CVE-2009-0025)For users of Red Hat Enterprise Linux 3 this update also addresses a bugwhich can cause BIND to occasionally exit with an assertion failure.After installing theupdate, BIND daemon will be restarted automatically.SL 3.0.x      SRPMS:bind-9.2.4-23.el3.src.rpm      i386:bind-9.2.4-23.el3.i386.rpmbind-chroot-9.2.4-23.el3.i386.rpmbind-devel-9.2.4-23.el3.i386.rpmbind-libs-9.2.4-23.el3.i386.rpmbind-utils-9.2.4-23.el3.i386.rpm      x86_64:bind-9.2.4-23.el3.x86_64.rpmbind-chroot-9.2.4-23.el3.x86_64.rpmbind-devel-9.2.4-23.el3.x86_64.rpmbind-libs-9.2.4-23.el3.x86_64.rpmbind-utils-9.2.4-23.el3.x86_64.rpmSL 4.x      SRPMS:bind-9.2.4-30.el4_7.1.src.rpm      i386:bind-9.2.4-30.el4_7.1.i386.rpmbind-chroot-9.2.4-30.el4_7.1.i386.rpmbind-devel-9.2.4-30.el4_7.1.i386.rpmbind-libs-9.2.4-30.el4_7.1.i386.rpmbind-utils-9.2.4-30.el4_7.1.i386.rpm      x86_64:bind-9.2.4-30.el4_7.1.x86_64.rpmbind-chroot-9.2.4-30.el4_7.1.x86_64.rpmbind-devel-9.2.4-30.el4_7.1.x86_64.rpmbind-libs-9.2.4-30.el4_7.1.i386.rpmbind-libs-9.2.4-30.el4_7.1.x86_64.rpmbind-utils-9.2.4-30.el4_7.1.x86_64.rpmSL 5.x      SRPMS:bind-9.3.4-6.0.3.P1.el5_2.src.rpm      i386:bind-9.3.4-6.0.3.P1.el5_2.i386.rpmbind-chroot-9.3.4-6.0.3.P1.el5_2.i386.rpmbind-devel-9.3.4-6.0.3.P1.el5_2.i386.rpmbind-libbind-devel-9.3.4-6.0.3.P1.el5_2.i386.rpmbind-libs-9.3.4-6.0.3.P1.el5_2.i386.rpmbind-sdb-9.3.4-6.0.3.P1.el5_2.i386.rpmbind-utils-9.3.4-6.0.3.P1.el5_2.i386.rpmcaching-nameserver-9.3.4-6.0.3.P1.el5_2.i386.rpm      x86_64:bind-9.3.4-6.0.3.P1.el5_2.x86_64.rpmbind-chroot-9.3.4-6.0.3.P1.el5_2.x86_64.rpmbind-devel-9.3.4-6.0.3.P1.el5_2.i386.rpmbind-devel-9.3.4-6.0.3.P1.el5_2.x86_64.rpmbind-libbind-devel-9.3.4-6.0.3.P1.el5_2.i386.rpmbind-libbind-devel-9.3.4-6.0.3.P1.el5_2.x86_64.rpmbind-libs-9.3.4-6.0.3.P1.el5_2.i386.rpmbind-libs-9.3.4-6.0.3.P1.el5_2.x86_64.rpmbind-sdb-9.3.4-6.0.3.P1.el5_2.x86_64.rpmbind-utils-9.3.4-6.0.3.P1.el5_2.x86_64.rpmcaching-nameserver-9.3.4-6.0.3.P1.el5_2.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity