Subject: | |
From: | |
Reply To: | |
Date: | Fri, 31 Oct 2014 12:06:13 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Grant, can you check to see if we are affected by CVE-2014-0591?
On Mon, Oct 13, 2014 at 03:42:27PM +0000, Bonnie King wrote:
> Synopsis: Moderate: bind97 security and bug fix update
> Advisory ID: SLSA-2014:1244-1
> Issue Date: 2014-09-16
> CVE Numbers: CVE-2014-0591
> --
>
> A denial of service flaw was found in the way BIND handled queries for
> NSEC3-signed zones. A remote attacker could use this flaw against an
> authoritative name server that served NCES3-signed zones by sending a
> specially crafted query, which, when processed, would cause named to
> crash. (CVE-2014-0591)
>
> Note: The CVE-2014-0591 issue does not directly affect the version of
> bind97 shipped in Scientific Linux 5. This issue is being addressed
> however to assure it is not introduced in future builds of bind97
> (possibly built with a different compiler or C library optimization).
>
> This update also fixes the following bug:
>
> * Previously, the bind97 initscript did not check for the existence of the
> ROOTDIR variable when shutting down the named daemon. As a consequence,
> some parts of the file system that are mounted when using bind97 in a
> chroot environment were unmounted on daemon shut down, even if bind97 was
> not running in a chroot environment. With this update, the initscript has
> been fixed to check for the existence of the ROOTDIR variable when
> unmounting some parts of the file system on named daemon shut down. Now,
> when shutting down bind97 that is not running in a chroot environment, no
> parts of the file system are unmounted.
>
> After installing the update, the BIND daemon (named) will be restarted
> automatically.
> --
>
> SL5
> x86_64
> bind97-9.7.0-21.P2.el5.x86_64.rpm
> bind97-chroot-9.7.0-21.P2.el5.x86_64.rpm
> bind97-debuginfo-9.7.0-21.P2.el5.i386.rpm
> bind97-debuginfo-9.7.0-21.P2.el5.x86_64.rpm
> bind97-devel-9.7.0-21.P2.el5.i386.rpm
> bind97-devel-9.7.0-21.P2.el5.x86_64.rpm
> bind97-libs-9.7.0-21.P2.el5.i386.rpm
> bind97-libs-9.7.0-21.P2.el5.x86_64.rpm
> bind97-utils-9.7.0-21.P2.el5.x86_64.rpm
> i386
> bind97-9.7.0-21.P2.el5.i386.rpm
> bind97-chroot-9.7.0-21.P2.el5.i386.rpm
> bind97-debuginfo-9.7.0-21.P2.el5.i386.rpm
> bind97-devel-9.7.0-21.P2.el5.i386.rpm
> bind97-libs-9.7.0-21.P2.el5.i386.rpm
> bind97-utils-9.7.0-21.P2.el5.i386.rpm
>
> - Scientific Linux Development Team
>
--
Kelsey Cummings - [log in to unmask] Sonic.Net, Inc.
System Architect 2260 Apollo Way
707.522.1000 Santa Rosa, CA 95407
|
|
|