Synopsis:    Important: bind97 security update
Issue Date:  2011-05-31
CVE Numbers: CVE-2011-1910


The Berkeley Internet Name Domain (BIND) is an implementation of the 
Domain Name System (DNS) protocols. BIND includes a DNS server (named); 
a resolver library (routines for applications to use when interfacing 
with DNS); and tools for verifying that the DNS server is operating 
correctly.

An off-by-one flaw was found in the way BIND processed negative 
responses with large resource record sets (RRSets). An attacker able to 
send recursive queries to a BIND server that is configured as a caching
resolver could use this flaw to cause named to exit with an assertion
failure. (CVE-2011-1910)

All BIND users are advised to upgrade to these updated packages, which
resolve this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

SL5:
   x86_64
      bind97-utils-9.7.0-6.P2.el5_6.2.x86_64.rpm
      bind97-chroot-9.7.0-6.P2.el5_6.2.x86_64.rpm
      bind97-9.7.0-6.P2.el5_6.2.x86_64.rpm
      bind97-debuginfo-9.7.0-6.P2.el5_6.2.i386.rpm
      bind97-debuginfo-9.7.0-6.P2.el5_6.2.x86_64.rpm
      bind97-devel-9.7.0-6.P2.el5_6.2.i386.rpm
      bind97-devel-9.7.0-6.P2.el5_6.2.x86_64.rpm
      bind97-libs-9.7.0-6.P2.el5_6.2.i386.rpm
      bind97-libs-9.7.0-6.P2.el5_6.2.x86_64.rpm
   i386
      bind97-utils-9.7.0-6.P2.el5_6.2.i386.rpm
      bind97-libs-9.7.0-6.P2.el5_6.2.i386.rpm
      bind97-devel-9.7.0-6.P2.el5_6.2.i386.rpm
      bind97-debuginfo-9.7.0-6.P2.el5_6.2.i386.rpm
      bind97-chroot-9.7.0-6.P2.el5_6.2.i386.rpm
      bind97-9.7.0-6.P2.el5_6.2.i386.rpm

- Scientific Linux Development Team