Synopsis:    Important: bind security update
Issue date:  2010-12-13
CVE Names:   CVE-2010-3613 CVE-2010-3614 CVE-2010-3762

It was discovered that named did not invalidate previously cached RRSIG records when adding an NCACHE record for the same entry to the cache. A remote attacker allowed to send recursive DNS queries to named could use this flaw to crash named. (CVE-2010-3613)

A flaw was found in the DNSSEC validation code in named. If named had multiple trust anchors configured for a zone, a response to a request for a record in that zone with a bad signature could cause named to crash. (CVE-2010-3762)

It was discovered that, in certain cases, named did not properly perform DNSSEC validation of an NS RRset for zones in the middle of a DNSKEY algorithm rollover. This flaw could cause the validator to incorrectly determine that the zone is insecure and not protected by DNSSEC. (CVE-2010-3614)

After installing the update, the BIND daemon (named) will be restarted automatically.

SL 5.x

  SRPMS:
    bind-9.3.6-4.P1.el5_5.3.src.rpm

  i386:
    bind-9.3.6-4.P1.el5_5.3.i386.rpm
    bind-chroot-9.3.6-4.P1.el5_5.3.i386.rpm
    bind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
    bind-libbind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
    bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm
    bind-sdb-9.3.6-4.P1.el5_5.3.i386.rpm
    bind-utils-9.3.6-4.P1.el5_5.3.i386.rpm
    caching-nameserver-9.3.6-4.P1.el5_5.3.i386.rpm

  x86_64:
    bind-9.3.6-4.P1.el5_5.3.x86_64.rpm
    bind-chroot-9.3.6-4.P1.el5_5.3.x86_64.rpm
    bind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
    bind-devel-9.3.6-4.P1.el5_5.3.x86_64.rpm
    bind-libbind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
    bind-libbind-devel-9.3.6-4.P1.el5_5.3.x86_64.rpm
    bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm
    bind-libs-9.3.6-4.P1.el5_5.3.x86_64.rpm
    bind-sdb-9.3.6-4.P1.el5_5.3.x86_64.rpm
    bind-utils-9.3.6-4.P1.el5_5.3.x86_64.rpm
    caching-nameserver-9.3.6-4.P1.el5_5.3.x86_64.rpm

-Connie Sieh
-Troy Dawson
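An added example, not part of the original advisory: a check that flags hosts still carrying a bind package older than the fixed 9.3.6-4.P1.el5_5.3 build, using rpm's segment-wise version ordering. It assumes input lines produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` and equal epochs on both sides; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed version and release, taken from the package list in this advisory.
FIXED_VERSION, FIXED_RELEASE = "9.3.6", "4.P1.el5_5.3"
AFFECTED = {"bind", "bind-chroot", "bind-devel", "bind-libbind-devel",
            "bind-libs", "bind-sdb", "bind-utils", "caching-nameserver"}

SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using rpm's segment ordering ('~' and '^' not handled)."""
    sa, sb = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 10 > 3
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments mean newer

def outdated(lines):
    """Return (name, version-release) for affected packages older than the fix."""
    found = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[0] not in AFFECTED:
            continue  # skip malformed lines and packages outside this advisory
        name, version, release = parts
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            found.append((name, f"{version}-{release}"))
    return found

# Constructed sample inventory (not real host data).
SAMPLE = """\
bind 9.3.6 4.P1.el5_5.3
bind-libs 9.3.6 4.P1.el5_4.2
bind-utils 9.3.4 10.P1.el5
bind-chroot 9.3.6 16.P1.el5
caching-nameserver 9.3.6 4.P1.el5_5.3
openssl 0.9.8e 12.el5
""".splitlines()

if __name__ == "__main__":
    for name, evr in outdated(SAMPLE):
        print(f"{name} {evr} is older than {FIXED_VERSION}-{FIXED_RELEASE}")
```

Because the update restarts named automatically, a host that reports no outdated packages but whose named process predates the package install time is still worth a manual restart check.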