RHBA-2006:0287 - Bug Fix Advisory

标题

Updated bind packages are available.

描述

BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. The bind package provides a DNS server
(named), which resolves host names to IP addresses, and tools for
control and verification of the DNS server. The bind-libs package
provides the libraries used by the DNS server and bind-utils. The
bind-utils package provides DNS lookup utilities: host(1), dig(1),
and nslookup. The bind-devel package provides header files for
development with the BIND libraries. A default set of DNS server
configuration files is provided by the caching-nameserver package.

This update delivers backports from ISC BIND 9.2.6 to fix these issues:

• -Fixes to named's thread locking logic

This feature in ISC BIND 9.3.0+ was backported and delivered in this update:

• -edns-udp-size: Users can now set the maximum size of UDP packets used

for EDNS0 (RFC 2671), to get past routers / firewalls that enforce a
maximum UDP packet size.

Miscellaneous bug fixes, including improved support for custom named.conf
locations, are also delivered in this update.

All BIND users are advised to upgrade to these updated bind packages.

解决方案

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

受影响的产品

• Red Hat Enterprise Linux Server 3 x86_64
• Red Hat Enterprise Linux Server 3 ia64
• Red Hat Enterprise Linux Server 3 i386
• Red Hat Enterprise Linux Workstation 3 x86_64
• Red Hat Enterprise Linux Workstation 3 ia64
• Red Hat Enterprise Linux Workstation 3 i386
• Red Hat Enterprise Linux Desktop 3 x86_64
• Red Hat Enterprise Linux Desktop 3 i386
• Red Hat Enterprise Linux for IBM z Systems 3 s390x
• Red Hat Enterprise Linux for IBM z Systems 3 s390
• Red Hat Enterprise Linux for Power, big endian 3 ppc

修复

• BZ - 170326 - critical issues with BIND 9.2.4 now fixed with ISC BIND 9.2.5 require backport
• BZ - 170357 - /etc/init.d/named insists on /etc/named.conf, although this can be changed
• BZ - 170359 - bind-chroot directory permissions allow inappropriate write access for the named user.
• BZ - 174129 - critical upstream bug fixes need backporting

CVE

• CVE-2006-4096

参考

(none)