SciLinux: CVE-2009-4022 Moderate: bind SL5.x i386/x86_64
Summary
Date: Tue, 1 Dec 2009 11:20:56 -0600
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Moderate: bind on SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"

Synopsis: Moderate: bind security update
Issue date: 2009-11-30
CVE Names: CVE-2009-4022

CVE-2009-4022 bind: cache poisoning using not validated DNSSEC responses

Michael Sinatra discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2009-4022)

After installing the update, the BIND daemon (named) will be restarted automatically.

SL 5.x

SRPMS:
bind-9.3.6-4.P1.el5_4.1.src.rpm

i386:
bind-9.3.6-4.P1.el5_4.1.i386.rpm
bind-chroot-9.3.6-4.P1.el5_4.1.i386.rpm
bind-devel-9.3.6-4.P1.el5_4.1.i386.rpm
bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386.rpm
bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm
bind-sdb-9.3.6-4.P1.el5_4.1.i386.rpm
bind-utils-9.3.6-4.P1.el5_4.1.i386.rpm
caching-nameserver-9.3.6-4.P1.el5_4.1.i386.rpm

x86_64:
bind-9.3.6-4.P1.el5_4.1.x86_64.rpm
bind-chroot-9.3.6-4.P1.el5_4.1.x86_64.rpm
bind-devel-9.3.6-4.P1.el5_4.1.i386.rpm
bind-devel-9.3.6-4.P1.el5_4.1.x86_64.rpm
bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386.rpm
bind-libbind-devel-9.3.6-4.P1.el5_4.1.x86_64.rpm
bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm
bind-libs-9.3.6-4.P1.el5_4.1.x86_64.rpm
bind-sdb-9.3.6-4.P1.el5_4.1.x86_64.rpm
bind-utils-9.3.6-4.P1.el5_4.1.x86_64.rpm
caching-nameserver-9.3.6-4.P1.el5_4.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
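
The advisory's trigger condition is a recursive client query that requests DNSSEC records while disabling checking. The following is an added example, not part of the original erratum or of BIND, showing how a resolver operator could recognise that query shape in captured wire-format messages. It assumes the standard encoding of the two signals (the DO bit in the EDNS0 OPT record and the CD bit in the DNS header); the function names and sample queries are constructed for illustration.

```python
import struct
RD, CD, QR, OPT, DO = 0x0100, 0x0010, 0x8000, 41, 0x8000  # header bits, OPT type, DO bit in OPT TTL

def build_query(name, rd=True, cd=False, do=False, edns=True):
    """Build a constructed A/IN query used only as sample input."""
    flags = (RD if rd else 0) | (CD if cd else 0)
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 1 if edns else 0)
    for label in name.split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", 1, 1)
    if edns:  # OPT RR: root owner name, class = UDP payload size, TTL carries DO
        msg += b"\x00" + struct.pack("!HHIH", OPT, 4096, DO if do else 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past an owner name (labels or a compression pointer)."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def classify(msg):
    """Report RD/CD/DO for a query; 'match' is the combination the advisory describes."""
    try:
        _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
        off, do = 12, False
        for _ in range(qd):
            off = skip_name(msg, off) + 4            # skip QTYPE + QCLASS
        for _ in range(an + ns + ar):
            off = skip_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if rtype == OPT:
                do = bool(ttl & DO)
    except (struct.error, IndexError):
        return None                                   # truncated or malformed message
    if flags & QR:
        return None                                   # a response, not a client query
    rd, cd = bool(flags & RD), bool(flags & CD)
    return {"rd": rd, "cd": cd, "do": do, "match": rd and cd and do}

# Constructed samples in order (cd, do): (0,0), (0,1), (1,0), (1,1)
SAMPLES = [build_query("example.com", cd=c, do=d) for c in (False, True) for d in (False, True)]
```

Only the last sample, with RD, CD and DO all set, is flagged; counting such queries per client on an unpatched resolver shows whether it was receiving the kind of query the advisory describes.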