SciLinux: CVE-2009-0696 Important: bind SL 3.0.x i386/x86_64
Summary
Date: Thu, 30 Jul 2009 15:09:30 -0500Reply-To: Connie SiehSender: Security Errata for Scientific Linux From: Connie Sieh Subject: Security ERRATA Important: bind for SL 3.0.x on i386/x86_64Comments: To: scientific Synopsis: Important: bind security and bug fix updateCVE Names: CVE-2009-0696 CVE-2009-0696 bind: DoS (assertion failure) via nsupdate packetsA flaw was found in the way BIND handles dynamic update message packetscontaining the "ANY" record type. A remote attacker could use this flaw tosend a specially-crafted dynamic update packet that could cause named toexit with an assertion failure. (CVE-2009-0696)Note: even if named is not configured for dynamic updates, receiving sucha specially-crafted dynamic update packet could still cause named to exitunexpectedly.This update also fixes the following bug:* the following message could have been logged: "internal_accept: fcntl()failed: Too many open files". With these updated packages, timeout queriesare aborted in order to reduce the number of open UDP sockets, and when theaccept() function returns an EMFILE error value, that situation is nowhandled gracefully, thus resolving the issue. (BZ#498164)After installing the update, the BIND daemon (named) will be restarted automatically.SRPM: bind-9.2.4-25.el3.src.rpmi386: bind-9.2.4-25.el3.i386.rpm bind-chroot-9.2.4-25.el3.i386.rpm bind-devel-9.2.4-25.el3.i386.rpm bind-libs-9.2.4-25.el3.i386.rpm bind-utils-9.2.4-25.el3.i386.rpmx86_64: bind-9.2.4-25.el3.x86_64.rpm bind-chroot-9.2.4-25.el3.x86_64.rpm bind-devel-9.2.4-25.el3.x86_64.rpm bind-libs-9.2.4-25.el3.x86_64.rpm bind-utils-9.2.4-25.el3.x86_64.rpm-Connie Sieh-Troy Dawson