Red Hat Product Errata RHSA-2009:1620 - Security Advisory

Issued:: 2009-11-30
Updated:: 2009-11-30

RHSA-2009:1620 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: bind security update

Type/Severity

Security Advisory: Moderate

Topic

Updated bind packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

Michael Sinatra discovered that BIND was incorrectly caching responses
without performing proper DNSSEC validation, when those responses were
received during the resolution of a recursive client query that requested
DNSSEC records but indicated that checking should be disabled. A remote
attacker could use this flaw to bypass the DNSSEC validation check and
perform a cache poisoning attack if the target BIND server was receiving
such client queries. (CVE-2009-4022)

All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.4 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.4 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.4 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 538744 - CVE-2009-4022 bind: cache poisoning using not validated DNSSEC responses

CVEs

CVE-2009-4022

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
bind-9.3.6-4.P1.el5_4.1.src.rpm	SHA-256: f85ac8dd5e8d521d7c3d7d045bfd726e8207d20ede729254cfeda0a97a56a388
x86_64
bind-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: f5ec0c12b31f408e56c07863ef7a66a7c0053798bceacf5afb65e8a173cca1fc
bind-chroot-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 1d482d57c92d42ea94f958dbf2031ee32eecc5e05005746e4cb47e0ce17f16ff
bind-devel-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 0eae24960b31be41f62faf264affcca4c06ec3f656896434e9eb42431d5f4f4d
bind-devel-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 51f2f8014f515fb62f666ecc3b533e190c5c1e105a03ad2f90d246a1b135b672
bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 12229bf0840eee4efc313c0e5cf6d1d365919995b6e21122e0ee8c753f632e06
bind-libbind-devel-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 1cf04aeee39af591e940050e36fd6ef5122acb179b369a07e78d57de5fdfdd0a
bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: e85fac44e803c525373f72770650903922d5132b2fe1d43ee077ca320b84b423
bind-libs-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: c6306023b4c8f4c44d08e7b9782a8a0e13acb27c2991ece3eda6180581176fbd
bind-sdb-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 825057602a39718a039ad0dabf2102b9650ebc807ff10a05be32c76385c04303
bind-utils-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 10c1e69f5f2b09cb28ee0e60cacf2c0e661e81fcfdcd025ae2d55853daa8e90c
caching-nameserver-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: f0ab0dd1cf8befd9e67a050187e1be61d6340c22c9f15253b518ca967ef68392
ia64
bind-9.3.6-4.P1.el5_4.1.ia64.rpm	SHA-256: 0d827375bd55f7ad8e3fbc7f54ea67325a558b1478ac535a67a6275ccdfc4ddb
bind-chroot-9.3.6-4.P1.el5_4.1.ia64.rpm	SHA-256: a14efbfbfefa4d004d69087e427f0e0509e857f502e8934a045fb5017f9cffa4
bind-devel-9.3.6-4.P1.el5_4.1.ia64.rpm	SHA-256: 785d1aa2ebe8f0e3fb5ab1685b9e8c80d4fce78ebe34c93552d9f8fbfcb6281d
bind-libbind-devel-9.3.6-4.P1.el5_4.1.ia64.rpm	SHA-256: 6c328c50892f98b73eb4c476315f8d32d7491ce559e00d24c8db0727df072b1d
bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: e85fac44e803c525373f72770650903922d5132b2fe1d43ee077ca320b84b423
bind-libs-9.3.6-4.P1.el5_4.1.ia64.rpm	SHA-256: 1411bee9ae6da1937dfa1b66383cedb5a26862c8fb5778790ac02403f5a69e36
bind-sdb-9.3.6-4.P1.el5_4.1.ia64.rpm	SHA-256: 89c007260d1cc3cb0f9cb8ae0763b5d26d95afc66bdc5509a6d7a31e8a0f2bea
bind-utils-9.3.6-4.P1.el5_4.1.ia64.rpm	SHA-256: ac2caf5361f56015f559da728a666d672920ed6dfaa83473c5c9d864a1a11ec5
caching-nameserver-9.3.6-4.P1.el5_4.1.ia64.rpm	SHA-256: beebc3d230497345471ed05fe4a208b7fbb8641165afacaa39c7e7317f67eb09
i386
bind-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 96e2e5f92eb5408a36301d1e724f330d98fcb7fc8dea8bfc2fa4f461dca01f74
bind-chroot-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 3abc09ae3130c3c1a74448fedb36c4b2c2dbfe9ccaf3dce9a2ed011c0eb3b9cd
bind-devel-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 0eae24960b31be41f62faf264affcca4c06ec3f656896434e9eb42431d5f4f4d
bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 12229bf0840eee4efc313c0e5cf6d1d365919995b6e21122e0ee8c753f632e06
bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: e85fac44e803c525373f72770650903922d5132b2fe1d43ee077ca320b84b423
bind-sdb-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 3147fa9d43bdfdde8769757c3d7394fdc8ef76d615c3ab5dcfc667a7f4df13fa
bind-utils-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 9bba8d6008f45479bada50767bb228e8a6d69ae8e8c7f1aa4e8366900b1e0c77
caching-nameserver-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 037bf8024e2406d1ae8c81a52b09a93a74ad6cc691679bf4f6385a62f61bc034

Red Hat Enterprise Linux Workstation 5

SRPM
bind-9.3.6-4.P1.el5_4.1.src.rpm	SHA-256: f85ac8dd5e8d521d7c3d7d045bfd726e8207d20ede729254cfeda0a97a56a388
x86_64
bind-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: f5ec0c12b31f408e56c07863ef7a66a7c0053798bceacf5afb65e8a173cca1fc
bind-chroot-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 1d482d57c92d42ea94f958dbf2031ee32eecc5e05005746e4cb47e0ce17f16ff
bind-devel-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 0eae24960b31be41f62faf264affcca4c06ec3f656896434e9eb42431d5f4f4d
bind-devel-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 51f2f8014f515fb62f666ecc3b533e190c5c1e105a03ad2f90d246a1b135b672
bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 12229bf0840eee4efc313c0e5cf6d1d365919995b6e21122e0ee8c753f632e06
bind-libbind-devel-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 1cf04aeee39af591e940050e36fd6ef5122acb179b369a07e78d57de5fdfdd0a
bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: e85fac44e803c525373f72770650903922d5132b2fe1d43ee077ca320b84b423
bind-libs-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: c6306023b4c8f4c44d08e7b9782a8a0e13acb27c2991ece3eda6180581176fbd
bind-sdb-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 825057602a39718a039ad0dabf2102b9650ebc807ff10a05be32c76385c04303
bind-utils-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 10c1e69f5f2b09cb28ee0e60cacf2c0e661e81fcfdcd025ae2d55853daa8e90c
caching-nameserver-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: f0ab0dd1cf8befd9e67a050187e1be61d6340c22c9f15253b518ca967ef68392
i386
bind-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 96e2e5f92eb5408a36301d1e724f330d98fcb7fc8dea8bfc2fa4f461dca01f74
bind-chroot-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 3abc09ae3130c3c1a74448fedb36c4b2c2dbfe9ccaf3dce9a2ed011c0eb3b9cd
bind-devel-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 0eae24960b31be41f62faf264affcca4c06ec3f656896434e9eb42431d5f4f4d
bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 12229bf0840eee4efc313c0e5cf6d1d365919995b6e21122e0ee8c753f632e06
bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: e85fac44e803c525373f72770650903922d5132b2fe1d43ee077ca320b84b423
bind-sdb-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 3147fa9d43bdfdde8769757c3d7394fdc8ef76d615c3ab5dcfc667a7f4df13fa
bind-utils-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 9bba8d6008f45479bada50767bb228e8a6d69ae8e8c7f1aa4e8366900b1e0c77
caching-nameserver-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 037bf8024e2406d1ae8c81a52b09a93a74ad6cc691679bf4f6385a62f61bc034

Red Hat Enterprise Linux Desktop 5

SRPM
bind-9.3.6-4.P1.el5_4.1.src.rpm	SHA-256: f85ac8dd5e8d521d7c3d7d045bfd726e8207d20ede729254cfeda0a97a56a388
x86_64
bind-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: f5ec0c12b31f408e56c07863ef7a66a7c0053798bceacf5afb65e8a173cca1fc
bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: e85fac44e803c525373f72770650903922d5132b2fe1d43ee077ca320b84b423
bind-libs-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: c6306023b4c8f4c44d08e7b9782a8a0e13acb27c2991ece3eda6180581176fbd
bind-sdb-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 825057602a39718a039ad0dabf2102b9650ebc807ff10a05be32c76385c04303
bind-utils-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 10c1e69f5f2b09cb28ee0e60cacf2c0e661e81fcfdcd025ae2d55853daa8e90c
i386
bind-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 96e2e5f92eb5408a36301d1e724f330d98fcb7fc8dea8bfc2fa4f461dca01f74
bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: e85fac44e803c525373f72770650903922d5132b2fe1d43ee077ca320b84b423
bind-sdb-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 3147fa9d43bdfdde8769757c3d7394fdc8ef76d615c3ab5dcfc667a7f4df13fa
bind-utils-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 9bba8d6008f45479bada50767bb228e8a6d69ae8e8c7f1aa4e8366900b1e0c77

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
bind-9.3.6-4.P1.el5_4.1.src.rpm	SHA-256: f85ac8dd5e8d521d7c3d7d045bfd726e8207d20ede729254cfeda0a97a56a388
s390x
bind-9.3.6-4.P1.el5_4.1.s390x.rpm	SHA-256: 4f4bdb6923a8b41c728195d744d499b534189b3c5c03517ed4f61570df0ebda5
bind-chroot-9.3.6-4.P1.el5_4.1.s390x.rpm	SHA-256: 3c51db51dc8d16071a8d5cb8ac20ae36edc9cca38ecc8f88d802ebf7be7b7cac
bind-devel-9.3.6-4.P1.el5_4.1.s390.rpm	SHA-256: 81524e83b1a3d78b7ed93a71c748fab80e1eb908d2c8d9fd2fd27f6f7142e138
bind-devel-9.3.6-4.P1.el5_4.1.s390x.rpm	SHA-256: b053b0a42cf4a575d14678341bac0487d99cc6895bf6ef3750a877cee8b0dfff
bind-libbind-devel-9.3.6-4.P1.el5_4.1.s390.rpm	SHA-256: 742f81c941c4c5600ca78a92f7dea9a6cd4cd597e637293557230ad9374269de
bind-libbind-devel-9.3.6-4.P1.el5_4.1.s390x.rpm	SHA-256: c27cf6caba418068c1fdd605c7f31b61b272a555f510599b93f6c1e9f8788ac3
bind-libs-9.3.6-4.P1.el5_4.1.s390.rpm	SHA-256: ce81ed172736c73981c3272eee33843a10acf036789575e2e644a21b6dac5173
bind-libs-9.3.6-4.P1.el5_4.1.s390x.rpm	SHA-256: 48c1954c519a61c3532a940e0e1e7a6d4429f09c01c8f7c99f417f3c6c59ec3e
bind-sdb-9.3.6-4.P1.el5_4.1.s390x.rpm	SHA-256: 3290355255b85a429119702829bd05ed3727dea45cc20e740be2a3d99c343dd0
bind-utils-9.3.6-4.P1.el5_4.1.s390x.rpm	SHA-256: ed2f85e268b7e477ef44a597531a81c40bbabb795b15c86e4f006a3901a9e93e
caching-nameserver-9.3.6-4.P1.el5_4.1.s390x.rpm	SHA-256: 4b1927193f3b04ef9affc90ad0bc46a677b48c4db81ea1f4c6e3bbc2ced6bbc2

Red Hat Enterprise Linux for Power, big endian 5

SRPM
bind-9.3.6-4.P1.el5_4.1.src.rpm	SHA-256: f85ac8dd5e8d521d7c3d7d045bfd726e8207d20ede729254cfeda0a97a56a388
ppc
bind-9.3.6-4.P1.el5_4.1.ppc.rpm	SHA-256: 7fcb76efb104e60d1a9dadec315c4fdb094de73e1d259527aef8edfb7dc3cadf
bind-chroot-9.3.6-4.P1.el5_4.1.ppc.rpm	SHA-256: d214899309f63c35a99982c6c4b716314848ee8de2bdaf776589e80bc47fe0e0
bind-devel-9.3.6-4.P1.el5_4.1.ppc.rpm	SHA-256: 697223e826b5fa84b28d99531171d53bbcb794deb8ec32b1aad6ae85625570bd
bind-devel-9.3.6-4.P1.el5_4.1.ppc64.rpm	SHA-256: bb89edecfa1e7060e7dee7aaf6c2a9b4e51249544dbd459c7c351d40031dabd3
bind-libbind-devel-9.3.6-4.P1.el5_4.1.ppc.rpm	SHA-256: c17065595ade27b4636332bda51f767f715e12739a0a04d7441ecb2b895215d8
bind-libbind-devel-9.3.6-4.P1.el5_4.1.ppc64.rpm	SHA-256: b2dd6114de2d8e07c9acdbb66ad62bf6b867c22f2d157a9ab10f48345d7f65c3
bind-libs-9.3.6-4.P1.el5_4.1.ppc.rpm	SHA-256: 37175f87621906b702ac1d733fe48893bc51cf2e0684d998f95cd1a5155cf55f
bind-libs-9.3.6-4.P1.el5_4.1.ppc64.rpm	SHA-256: 12f1292a6d77124415bce7371baa0536a84855c80eaf89adc7ef9c23e314a4b7
bind-sdb-9.3.6-4.P1.el5_4.1.ppc.rpm	SHA-256: ab595264851cbf3ce483bf2fd1ecf3778123297d616932e1f5591b9584eb177e
bind-utils-9.3.6-4.P1.el5_4.1.ppc.rpm	SHA-256: b5dc21594e7ba071986d2835fb2e2d1a8f1370af024895873a1044db58441860
caching-nameserver-9.3.6-4.P1.el5_4.1.ppc.rpm	SHA-256: da6c37da5c49014fbbfa07381c3b1865747e27fe3f96501a95ebf6a50a60c9e2

Red Hat Enterprise Linux Server from RHUI 5

SRPM
bind-9.3.6-4.P1.el5_4.1.src.rpm	SHA-256: f85ac8dd5e8d521d7c3d7d045bfd726e8207d20ede729254cfeda0a97a56a388
x86_64
bind-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: f5ec0c12b31f408e56c07863ef7a66a7c0053798bceacf5afb65e8a173cca1fc
bind-chroot-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 1d482d57c92d42ea94f958dbf2031ee32eecc5e05005746e4cb47e0ce17f16ff
bind-devel-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 0eae24960b31be41f62faf264affcca4c06ec3f656896434e9eb42431d5f4f4d
bind-devel-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 51f2f8014f515fb62f666ecc3b533e190c5c1e105a03ad2f90d246a1b135b672
bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 12229bf0840eee4efc313c0e5cf6d1d365919995b6e21122e0ee8c753f632e06
bind-libbind-devel-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 1cf04aeee39af591e940050e36fd6ef5122acb179b369a07e78d57de5fdfdd0a
bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: e85fac44e803c525373f72770650903922d5132b2fe1d43ee077ca320b84b423
bind-libs-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: c6306023b4c8f4c44d08e7b9782a8a0e13acb27c2991ece3eda6180581176fbd
bind-sdb-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 825057602a39718a039ad0dabf2102b9650ebc807ff10a05be32c76385c04303
bind-utils-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: 10c1e69f5f2b09cb28ee0e60cacf2c0e661e81fcfdcd025ae2d55853daa8e90c
caching-nameserver-9.3.6-4.P1.el5_4.1.x86_64.rpm	SHA-256: f0ab0dd1cf8befd9e67a050187e1be61d6340c22c9f15253b518ca967ef68392
i386
bind-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 96e2e5f92eb5408a36301d1e724f330d98fcb7fc8dea8bfc2fa4f461dca01f74
bind-chroot-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 3abc09ae3130c3c1a74448fedb36c4b2c2dbfe9ccaf3dce9a2ed011c0eb3b9cd
bind-devel-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 0eae24960b31be41f62faf264affcca4c06ec3f656896434e9eb42431d5f4f4d
bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 12229bf0840eee4efc313c0e5cf6d1d365919995b6e21122e0ee8c753f632e06
bind-libs-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: e85fac44e803c525373f72770650903922d5132b2fe1d43ee077ca320b84b423
bind-sdb-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 3147fa9d43bdfdde8769757c3d7394fdc8ef76d615c3ab5dcfc667a7f4df13fa
bind-utils-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 9bba8d6008f45479bada50767bb228e8a6d69ae8e8c7f1aa4e8366900b1e0c77
caching-nameserver-9.3.6-4.P1.el5_4.1.i386.rpm	SHA-256: 037bf8024e2406d1ae8c81a52b09a93a74ad6cc691679bf4f6385a62f61bc034

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories