Synopsis:          Moderate: bind security and enhancement update
Issue Date:        2013-02-21
CVE Numbers:       CVE-2012-5689
--

A flaw was found in the DNS64 implementation in BIND when using Response
Policy Zones (RPZ). If a remote attacker sent a specially-crafted query to
a named server that is using RPZ rewrite rules, named could exit
unexpectedly with an assertion failure. Note that DNS64 support is not
enabled by default. (CVE-2012-5689)

This update also adds the following enhancement:

* Previously, it was impossible to configure the maximum number of
responses sent per second to one client. This allowed remote attackers to
conduct traffic amplification attacks using DNS queries with spoofed
source IP addresses. With this update, it is possible to use the new
"rate-limit" configuration option in named.conf and configure the maximum
number of queries which the server responds to. Refer to the BIND
documentation for more details about the "rate-limit" option.

After installing the update, the BIND daemon (named) will be restarted
automatically.
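
An added example, not part of the original advisory or of BIND's own tooling: a heuristic shell audit that flags a named.conf combining DNS64 with RPZ (the configuration CVE-2012-5689 affects) and one with no "rate-limit" block. The function names, the sample config and the zone name "rpz.example" are constructed for illustration.

```shell
#!/bin/sh
# Added example: heuristic audit of a named.conf for the two items in this advisory.
# Only // and # line comments are stripped; /* */ comments and include files are not handled.

# Print the config as a single line with line comments removed.
flatten_conf() {
  sed -e 's|//.*$||' -e 's|#.*$||' "$1" | tr '\n' ' '
}

# has_block FILE KEYWORD: succeeds when "KEYWORD [args] {" appears in the config.
has_block() {
  flatten_conf "$1" | grep -E "(^|[[:space:];{])$2([[:space:]][^;{}]*)?\{" >/dev/null
}

# audit_named_conf FILE: print one finding per line; exit status 1 if anything was found.
audit_named_conf() {
  findings=0
  if has_block "$1" dns64 && has_block "$1" response-policy; then
    echo "DNS64+RPZ: configuration affected by CVE-2012-5689 on an unpatched bind"
    findings=1
  fi
  if ! has_block "$1" rate-limit; then
    echo "NO-RATE-LIMIT: no rate-limit block, response rate per client is not limited"
    findings=1
  fi
  return "$findings"
}

# Constructed sample: DNS64 and RPZ both enabled, rate-limit only present in a comment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
options {
    dns64 64:ff9b::/96 { clients { any; }; };
    response-policy { zone "rpz.example"; };
    // rate-limit { responses-per-second 5; };
};
EOF
audit_named_conf "$sample" || echo "review the findings above for $sample"
rm -f "$sample"
```

A DNS64+RPZ finding means the installed bind package should be checked against the fixed builds listed below.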
--

SL6
   x86_64
     bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
     bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm
     bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm
     bind-libs-9.8.2-0.17.rc1.el6.3.x86_64.rpm
     bind-utils-9.8.2-0.17.rc1.el6.3.x86_64.rpm
     bind-9.8.2-0.17.rc1.el6.3.x86_64.rpm
     bind-chroot-9.8.2-0.17.rc1.el6.3.x86_64.rpm
     bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm
     bind-devel-9.8.2-0.17.rc1.el6.3.x86_64.rpm
     bind-sdb-9.8.2-0.17.rc1.el6.3.x86_64.rpm
   i386
     bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
     bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm
     bind-utils-9.8.2-0.17.rc1.el6.3.i686.rpm
     bind-9.8.2-0.17.rc1.el6.3.i686.rpm
     bind-chroot-9.8.2-0.17.rc1.el6.3.i686.rpm
     bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm
     bind-sdb-9.8.2-0.17.rc1.el6.3.i686.rpm

- Scientific Linux Development Team