Scientific Linux 5.x: Important Bind97 Moderate DoS CVE-2011-1910

Date: Wed, 1 Jun 2011 11:44:25 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Important: bind97 on SL5.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 
MIME-Version: 1.0

Synopsis: Important: bind97 security update
Issue Date: 2011-05-31
CVE Numbers: CVE-2011-1910

The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server (named);
a resolver library (routines for applications to use when interfacing
with DNS); and tools for verifying that the DNS server is operating
correctly.

An off-by-one flaw was found in the way BIND processed negative
responses with large resource record sets (RRSets). An attacker able to
send recursive queries to a BIND server that is configured as a caching
resolver could use this flaw to cause named to exit with an assertion
failure. (CVE-2011-1910)

All BIND users are advised to upgrade to these updated packages, which
resolve this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

SL5:
 x86_64
 bind97-utils-9.7.0-6.P2.el5_6.2.x86_64.rpm
 bind97-chroot-9.7.0-6.P2.el5_6.2.x86_64.rpm
 bind97-9.7.0-6.P2.el5_6.2.x86_64.rpm
 bind97-debuginfo-9.7.0-6.P2.el5_6.2.i386.rpm
 bind97-debuginfo-9.7.0-6.P2.el5_6.2.x86_64.rpm
 bind97-devel-9.7.0-6.P2.el5_6.2.i386.rpm
 bind97-devel-9.7.0-6.P2.el5_6.2.x86_64.rpm
 bind97-libs-9.7.0-6.P2.el5_6.2.i386.rpm
 bind97-libs-9.7.0-6.P2.el5_6.2.x86_64.rpm
 i386
 bind97-utils-9.7.0-6.P2.el5_6.2.i386.rpm
 bind97-libs-9.7.0-6.P2.el5_6.2.i386.rpm
 bind97-devel-9.7.0-6.P2.el5_6.2.i386.rpm
 bind97-debuginfo-9.7.0-6.P2.el5_6.2.i386.rpm
 bind97-chroot-9.7.0-6.P2.el5_6.2.i386.rpm
 bind97-9.7.0-6.P2.el5_6.2.i386.rpm

- Scientific Linux Development Team