Subject: | |
From: | |
Reply To: | |
Date: | Mon, 13 Dec 2010 14:46:25 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Important: bind security update
Issue date: 2010-12-13
CVE Names: CVE-2010-3613 CVE-2010-3614 CVE-2010-3762
It was discovered that named did not invalidate previously cached RRSIG
records when adding an NCACHE record for the same entry to the cache. A
remote attacker allowed to send recursive DNS queries to named could use
this flaw to crash named. (CVE-2010-3613)
A flaw was found in the DNSSEC validation code in named. If named had
multiple trust anchors configured for a zone, a response to a request
for a record in that zone with a bad signature could cause named to
crash. (CVE-2010-3762)
It was discovered that, in certain cases, named did not properly perform
DNSSEC validation of an NS RRset for zones in the middle of a DNSKEY
algorithm rollover. This flaw could cause the validator to incorrectly
determine that the zone is insecure and not protected by DNSSEC.
(CVE-2010-3614)
After installing the update, the BIND daemon (named) will be restarted
automatically.
SL 5.x
SRPMS:
bind-9.3.6-4.P1.el5_5.3.src.rpm
i386:
bind-9.3.6-4.P1.el5_5.3.i386.rpm
bind-chroot-9.3.6-4.P1.el5_5.3.i386.rpm
bind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
bind-libbind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm
bind-sdb-9.3.6-4.P1.el5_5.3.i386.rpm
bind-utils-9.3.6-4.P1.el5_5.3.i386.rpm
caching-nameserver-9.3.6-4.P1.el5_5.3.i386.rpm
x86_64:
bind-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-chroot-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
bind-devel-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-libbind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
bind-libbind-devel-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm
bind-libs-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-sdb-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-utils-9.3.6-4.P1.el5_5.3.x86_64.rpm
caching-nameserver-9.3.6-4.P1.el5_5.3.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|