SCIENTIFIC-LINUX-USERS Archives

October 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Security ERRATA Moderate: bind97 on SL5.x i386/x86_64
From:
Kelsey Cummings <[log in to unmask]>
Reply To:
Kelsey Cummings <[log in to unmask]>
Date:
Fri, 31 Oct 2014 12:06:13 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (63 lines) 
Grant, can you check to see if we are affected by CVE-2014-0591?

On Mon, Oct 13, 2014 at 03:42:27PM +0000, Bonnie King wrote:
> Synopsis:          Moderate: bind97 security and bug fix update
> Advisory ID:       SLSA-2014:1244-1
> Issue Date:        2014-09-16
> CVE Numbers:       CVE-2014-0591
> --
> 
> A denial of service flaw was found in the way BIND handled queries for
> NSEC3-signed zones. A remote attacker could use this flaw against an
> authoritative name server that served NCES3-signed zones by sending a
> specially crafted query, which, when processed, would cause named to
> crash. (CVE-2014-0591)
> 
> Note: The CVE-2014-0591 issue does not directly affect the version of
> bind97 shipped in Scientific Linux 5. This issue is being addressed
> however to assure it is not introduced in future builds of bind97
> (possibly built with a different compiler or C library optimization).
> 
> This update also fixes the following bug:
> 
> * Previously, the bind97 initscript did not check for the existence of the
> ROOTDIR variable when shutting down the named daemon. As a consequence,
> some parts of the file system that are mounted when using bind97 in a
> chroot environment were unmounted on daemon shut down, even if bind97 was
> not running in a chroot environment. With this update, the initscript has
> been fixed to check for the existence of the ROOTDIR variable when
> unmounting some parts of the file system on named daemon shut down. Now,
> when shutting down bind97 that is not running in a chroot environment, no
> parts of the file system are unmounted.
> 
> After installing the update, the BIND daemon (named) will be restarted
> automatically.
> --
> 
> SL5
>   x86_64
>     bind97-9.7.0-21.P2.el5.x86_64.rpm
>     bind97-chroot-9.7.0-21.P2.el5.x86_64.rpm
>     bind97-debuginfo-9.7.0-21.P2.el5.i386.rpm
>     bind97-debuginfo-9.7.0-21.P2.el5.x86_64.rpm
>     bind97-devel-9.7.0-21.P2.el5.i386.rpm
>     bind97-devel-9.7.0-21.P2.el5.x86_64.rpm
>     bind97-libs-9.7.0-21.P2.el5.i386.rpm
>     bind97-libs-9.7.0-21.P2.el5.x86_64.rpm
>     bind97-utils-9.7.0-21.P2.el5.x86_64.rpm
>   i386
>     bind97-9.7.0-21.P2.el5.i386.rpm
>     bind97-chroot-9.7.0-21.P2.el5.i386.rpm
>     bind97-debuginfo-9.7.0-21.P2.el5.i386.rpm
>     bind97-devel-9.7.0-21.P2.el5.i386.rpm
>     bind97-libs-9.7.0-21.P2.el5.i386.rpm
>     bind97-utils-9.7.0-21.P2.el5.i386.rpm
> 
> - Scientific Linux Development Team
> 

-- 
Kelsey Cummings - [log in to unmask]      Sonic.Net, Inc.
System Architect                          2260 Apollo Way
707.522.1000                              Santa Rosa, CA 95407

ATOM RSS1 RSS2