Date: Thu, 28 Feb 2013 16:17:33 -0600
Synopsis: Moderate: bind security and enhancement update
Issue Date: 2013-02-21
CVE Numbers: CVE-2012-5689
--
A flaw was found in the DNS64 implementation in BIND when using Response
Policy Zones (RPZ). If a remote attacker sent a specially-crafted query to
a named server that is using RPZ rewrite rules, named could exit
unexpectedly with an assertion failure. Note that DNS64 support is not
enabled by default. (CVE-2012-5689)
This update also adds the following enhancement:
* Previously, it was impossible to configure the maximum number of
responses sent per second to one client. This allowed remote attackers to
conduct traffic amplification attacks using DNS queries with spoofed
source IP addresses. With this update, it is possible to use the new
"rate-limit" configuration option in named.conf and configure the maximum
number of queries which the server responds to. Refer to the BIND
documentation for more details about the "rate-limit" option.
After installing the update, the BIND daemon (named) will be restarted
automatically.
--
SL6
x86_64
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-sdb-9.8.2-0.17.rc1.el6.3.x86_64.rpm
i386
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-utils-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-chroot-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-sdb-9.8.2-0.17.rc1.el6.3.i686.rpm
- Scientific Linux Development Team
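
A sketch of the "rate-limit" clause described in the enhancement note, added here as an example and not part of the original advisory. The sub-option names follow the upstream BIND response rate limiting documentation and the values are illustrative assumptions; check both against the documentation shipped with the installed package.

```conf
// Constructed named.conf fragment (illustrative values, not from the advisory).
options {
    // ... existing options stay as they are ...

    rate-limit {
        // Cap on identical responses per second sent to one client block.
        responses-per-second 5;

        // Length in seconds of the window over which responses are counted.
        window 5;

        // Answer every 2nd rate-limited query with a truncated (TC=1) reply,
        // so a legitimate client can retry over TCP while spoofed sources
        // receive no amplified payload.
        slip 2;

        // Trial mode: log what would be limited without dropping anything.
        // Remove once the logged rate matches expectations.
        log-only yes;
    };
};
```

Run `named-checkconf` on the edited file before restarting named; a build that lacks the clause reports "rate-limit" as an unknown option.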