Date:         Thu, 30 Jul 2009 12:31:06 -0500
Reply-To:     Connie Sieh 
Sender:       Security Errata for Scientific Linux
              
From:         Connie Sieh 
Subject:      Security ERRATA Important: bind security for SL 4.x on i386/x86_64
Comments: To: scientific 

Synopsis:          Important: bind security and bug fix update
CVE:               CVE-2009-0696

   CVE-2009-0696 bind: DoS (assertion failure) via nsupdate packets


A flaw was found in the way BIND handles dynamic update message packets
containing the "ANY" record type. A remote attacker could use this flaw to
send a specially-crafted dynamic update packet that could cause named to
exit with an assertion failure. (CVE-2009-0696)

Note: even if named is not configured for dynamic updates, receiving such
a specially-crafted dynamic update packet could still cause named to exit
unexpectedly.

This update also fixes the following bug:

* when running on a system receiving a large number of (greater than 4,000)
DNS requests per second, the named DNS nameserver became unresponsive, and
the named service had to be restarted in order for it to continue serving
requests. This was caused by a deadlock occurring between two threads that
led to the inability of named to continue to service requests. This
deadlock has been resolved with these updated packages so that named no
longer becomes unresponsive under heavy load. (BZ#512668)

After installing the update, the BIND daemon (named) will be restarted 
automatically.

SRPM:
    bind-9.2.4-30.el4_8.4.src.rpm

i386:
    bind-9.2.4-30.el4_8.4.i386.rpm
    bind-chroot-9.2.4-30.el4_8.4.i386.rpm
    bind-devel-9.2.4-30.el4_8.4.i386.rpm
    bind-libs-9.2.4-30.el4_8.4.i386.rpm
    bind-utils-9.2.4-30.el4_8.4.i386.rpm

x86_64:
    bind-9.2.4-30.el4_8.4.x86_64.rpm
    bind-chroot-9.2.4-30.el4_8.4.x86_64.rpm
    bind-devel-9.2.4-30.el4_8.4.x86_64.rpm
    bind-libs-9.2.4-30.el4_8.4.i386.rpm
    bind-libs-9.2.4-30.el4_8.4.x86_64.rpm
    bind-utils-9.2.4-30.el4_8.4.x86_64.rpm

-Connie Sieh
-Troy Dawson