Scientific Linux: SLSA-2015:1471-1 Critical: Bind Assertion Failure

Date: Mon, 3 Aug 2015 15:33:30 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security ERRATA Important: bind on SL6.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20150803153330.24584.18288@slpackages.fnal.gov>

Synopsis: Important: bind security update
Advisory ID: SLSA-2015:1471-1
Issue Date: 2015-07-22
CVE Numbers: CVE-2015-4620
--

A flaw was found in the way BIND performed DNSSEC validation. An attacker
able to make BIND (functioning as a DNS resolver with DNSSEC validation
enabled) resolve a name in an attacker-controlled domain could cause named
to exit unexpectedly with an assertion failure. (CVE-2015-4620)

After installing the update, the BIND daemon (named) will be restarted
automatically.
--

SL6
 x86_64
 bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
 bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
 bind-libs-9.8.2-0.37.rc1.el6_7.1.i686.rpm
 bind-libs-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
 bind-utils-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
 bind-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
 bind-chroot-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
 bind-devel-9.8.2-0.37.rc1.el6_7.1.i686.rpm
 bind-devel-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
 bind-sdb-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
 i386
 bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
 bind-libs-9.8.2-0.37.rc1.el6_7.1.i686.rpm
 bind-utils-9.8.2-0.37.rc1.el6_7.1.i686.rpm
 bind-9.8.2-0.37.rc1.el6_7.1.i686.rpm
 bind-chroot-9.8.2-0.37.rc1.el6_7.1.i686.rpm
 bind-devel-9.8.2-0.37.rc1.el6_7.1.i686.rpm
 bind-sdb-9.8.2-0.37.rc1.el6_7.1.i686.rpm

- Scientific Linux Development Team