SciLinux: Important: bind security SL 4.x i386/x86_64 Errata 12-31-06
Summary
Date: Thu, 30 Jul 2009 12:31:06 -0500
Reply-To: Connie Sieh
Sender: Security Errata for Scientific Linux
From: Connie Sieh
Subject: Security ERRATA Important: bind security for SL 4.x on i386/x86_64
Comments: To: scientific

Synopsis: Important: bind security and bug fix update
CVE: CVE-2009-0696

CVE-2009-0696 bind: DoS (assertion failure) via nsupdate packets

A flaw was found in the way BIND handles dynamic update message packets
containing the "ANY" record type. A remote attacker could use this flaw to
send a specially-crafted dynamic update packet that could cause named to
exit with an assertion failure. (CVE-2009-0696)

Note: even if named is not configured for dynamic updates, receiving such
a specially-crafted dynamic update packet could still cause named to exit
unexpectedly.

This update also fixes the following bug:

* when running on a system receiving a large number of (greater than 4,000)
DNS requests per second, the named DNS nameserver became unresponsive, and
the named service had to be restarted in order for it to continue serving
requests. This was caused by a deadlock occurring between two threads that
led to the inability of named to continue to service requests. This
deadlock has been resolved with these updated packages so that named no
longer becomes unresponsive under heavy load. (BZ#512668)

After installing the update, the BIND daemon (named) will be restarted
automatically.

SRPM:
    bind-9.2.4-30.el4_8.4.src.rpm

i386:
    bind-9.2.4-30.el4_8.4.i386.rpm
    bind-chroot-9.2.4-30.el4_8.4.i386.rpm
    bind-devel-9.2.4-30.el4_8.4.i386.rpm
    bind-libs-9.2.4-30.el4_8.4.i386.rpm
    bind-utils-9.2.4-30.el4_8.4.i386.rpm

x86_64:
    bind-9.2.4-30.el4_8.4.x86_64.rpm
    bind-chroot-9.2.4-30.el4_8.4.x86_64.rpm
    bind-devel-9.2.4-30.el4_8.4.x86_64.rpm
    bind-libs-9.2.4-30.el4_8.4.i386.rpm
    bind-libs-9.2.4-30.el4_8.4.x86_64.rpm
    bind-utils-9.2.4-30.el4_8.4.x86_64.rpm

-Connie Sieh
-Troy Dawson