Reply To: P. Larry Nelson
Date: Thu, 30 Jul 2009 15:23:12 -0500

Connie,

On every SL4.7 system I tried, doing a 'yum update', I'm getting
"No Packages marked for Update/Obsoletion".

Checking which bind-libs and bind-utils I have, I'm getting
version: 9.2.4-30.el4_7.1.

Now, the weird part - I first tried (after the message below arrived)
on my test virtual system SL4.7 (guest OS on VMWare) with 'yum update'
and (besides the new kernel) I got version: 9.2.4-30.el4_8.4 of the
bind rpm's.

- Larry

Connie Sieh wrote on 7/30/2009 12:31 PM:
> Synopsis: Important: bind security and bug fix update
> CVE: CVE-2009-0696
>
> CVE-2009-0696 bind: DoS (assertion failure) via nsupdate packets
>
>
> A flaw was found in the way BIND handles dynamic update message packets
> containing the "ANY" record type. A remote attacker could use this flaw to
> send a specially-crafted dynamic update packet that could cause named to
> exit with an assertion failure. (CVE-2009-0696)
>
> Note: even if named is not configured for dynamic updates, receiving such
> a specially-crafted dynamic update packet could still cause named to exit
> unexpectedly.
>
> This update also fixes the following bug:
>
> * when running on a system receiving a large number of (greater than 4,000)
> DNS requests per second, the named DNS nameserver became unresponsive, and
> the named service had to be restarted in order for it to continue serving
> requests. This was caused by a deadlock occurring between two threads that
> led to the inability of named to continue to service requests. This
> deadlock has been resolved with these updated packages so that named no
> longer becomes unresponsive under heavy load. (BZ#512668)
>
> After installing the update, the BIND daemon (named) will be restarted
> automatically.
>
> SRPM:
> bind-9.2.4-30.el4_8.4.src.rpm
>
> i386:
> bind-9.2.4-30.el4_8.4.i386.rpm
> bind-chroot-9.2.4-30.el4_8.4.i386.rpm
> bind-devel-9.2.4-30.el4_8.4.i386.rpm
> bind-libs-9.2.4-30.el4_8.4.i386.rpm
> bind-utils-9.2.4-30.el4_8.4.i386.rpm
>
> x86_64:
> bind-9.2.4-30.el4_8.4.x86_64.rpm
> bind-chroot-9.2.4-30.el4_8.4.x86_64.rpm
> bind-devel-9.2.4-30.el4_8.4.x86_64.rpm
> bind-libs-9.2.4-30.el4_8.4.i386.rpm
> bind-libs-9.2.4-30.el4_8.4.x86_64.rpm
> bind-utils-9.2.4-30.el4_8.4.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL | Physics Dept., Univ. of Ill.
MailTo:[log in to unmask] | http://www.roadkill.com/lnelson/
-------------------------------------------------------------------
"Information without accountability is just noise." - P.L. Nelson
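
Added example (not part of either message above): a small Python check that compares installed bind package versions against the fixed build 9.2.4-30.el4_8.4 from the advisory, using a simplified form of rpm's segment-by-segment version comparison. The function names and the sample query output are constructed for illustration; epoch is assumed equal on both builds and '~' / '^' handling is left out.

```python
import re

# Fixed build named in the advisory quoted above (version, release).
FIXED = ("9.2.4", "30.el4_8.4")

def _segments(s):
    # rpm compares runs of digits or letters; other characters only separate.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1, like rpm's segment comparison (no '~' or '^')."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def older_than_fixed(query_output, fixed=FIXED):
    """List (name, arch, version-release) for packages below the fixed build.

    Epoch is ignored: assumption that both builds carry the same epoch.
    """
    stale = []
    for line in query_output.strip().splitlines():
        fields = line.split()
        if len(fields) != 4:  # e.g. "package bind is not installed"
            continue
        name, version, release, arch = fields
        cmp = rpmvercmp(version, fixed[0]) or rpmvercmp(release, fixed[1])
        if cmp < 0:
            stale.append((name, arch, version + "-" + release))
    return stale

# Constructed sample of the output of
#   rpm -q --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n' bind bind-libs bind-utils
# using the two release strings mentioned in the thread.
SAMPLE = """
bind-libs 9.2.4 30.el4_7.1 i386
bind-utils 9.2.4 30.el4_7.1 i386
bind 9.2.4 30.el4_8.4 i386
"""

if __name__ == "__main__":
    for name, arch, vr in older_than_fixed(SAMPLE):
        print("%s.%s %s is older than %s-%s" % ((name, arch, vr) + FIXED))
```

An empty result means every queried package is at or beyond the fixed build; any listed package still predates the fix for CVE-2009-0696.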