Red Hat Product Errata RHSA-2010:0976 - Security Advisory
Issued:
2010-12-13
Updated:
2010-12-13

RHSA-2010:0976 - Security Advisory

Synopsis

Important: bind security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated bind packages that fix three security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Description

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

It was discovered that named did not invalidate previously cached RRSIG
records when adding an NCACHE record for the same entry to the cache. A
remote attacker allowed to send recursive DNS queries to named could use
this flaw to crash named. (CVE-2010-3613)

A flaw was found in the DNSSEC validation code in named. If named had
multiple trust anchors configured for a zone, a response to a request for a
record in that zone with a bad signature could cause named to crash.
(CVE-2010-3762)

It was discovered that, in certain cases, named did not properly perform
DNSSEC validation of an NS RRset for zones in the middle of a DNSKEY
algorithm rollover. This flaw could cause the validator to incorrectly
determine that the zone is insecure and not protected by DNSSEC.
(CVE-2010-3614)

All BIND users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 640730 - CVE-2010-3762 Bind: DoS (assertion failure) via a DNS query with bad signatures
  • BZ - 658974 - CVE-2010-3613 bind: failure to clear existing RRSIG records when a NO DATA is negatively cached could DoS named
  • BZ - 658977 - CVE-2010-3614 bind: key algorithm rollover may mark secure answers as insecure

Red Hat Enterprise Linux Server 5

SRPM
bind-9.3.6-4.P1.el5_5.3.src.rpm SHA-256: efd1e128c4e877189366e841c218d52b7b97e5dca2694a0098f38c8644f50948
x86_64
bind-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: fe1aa90c841d970d1adb93ce80a69072a5bd67f7d2c4b6f399aebaa8f237b77d
bind-chroot-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: cabba6a2c4fca65f610e3fdc7781c6dd9178e3688c481ab363fe29080846301e
bind-devel-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: f459b614006384aa6b2c74a9255c96eef020607a4328c6ab2e3f5534ae708545
bind-devel-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: da4e3d1189d43811feb5d7f729c945416eb28e173d2bd9521a3e955348bc8eb9
bind-libbind-devel-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a44dd699af4bf48180565c7c84bb679717c4900a3832cb020e7d501062cb802b
bind-libbind-devel-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 7fd6d423f49bdb21fa3a9f47aeac6ac147cfe9771d5dcfa06e9f18fa500e7ef3
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a54d391769db448293f17d013ff935ef5aa6539b2d21a8beff93349b02cb5386
bind-libs-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 584ca2aeb9b8b024fae22bc22a117120509190ed6ae964997aa0922b3d7dbc1b
bind-sdb-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 2e9f7effcaa1cb238bbff6174ee3717c1743fa4d3646dd93e75fddf5b259faa5
bind-utils-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 1031f57c72becb55baa22fda844e1f9fe2970ab05334ba760be00f8441f309a7
caching-nameserver-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 198fcee24a8320baa04534904a0e0a6a208af84831427266766cceb723e8b414
ia64
bind-9.3.6-4.P1.el5_5.3.ia64.rpm SHA-256: 0d02239e5c7a00b9ebd7c020c662ce508c67063b336632a9a88158775169b2ad
bind-chroot-9.3.6-4.P1.el5_5.3.ia64.rpm SHA-256: 875a744334e1cae03b0c2192d34dac164b9aa26594aa33ea13d125d40934d7e1
bind-devel-9.3.6-4.P1.el5_5.3.ia64.rpm SHA-256: 5526bfa8d41788a875e8265f916a04962dbfaf3de195f6347770b5f0aacabf02
bind-libbind-devel-9.3.6-4.P1.el5_5.3.ia64.rpm SHA-256: b159ce7fb25caf7fdcd21c79520d1bcd91c851feb05df52ed8b6dd982d06ea70
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a54d391769db448293f17d013ff935ef5aa6539b2d21a8beff93349b02cb5386
bind-libs-9.3.6-4.P1.el5_5.3.ia64.rpm SHA-256: dbfff78cab1582a2128a634683cc8ae345afe910d033071dfe6c2823ab9ce868
bind-sdb-9.3.6-4.P1.el5_5.3.ia64.rpm SHA-256: 466920fd9572ab4b2369d02d13fce99a934cc6d99e13fba9c00df3db030cd6f3
bind-utils-9.3.6-4.P1.el5_5.3.ia64.rpm SHA-256: fd8c26e88f798fb023b8048c3001525a9197a65fb37eaf63d088f2c357275312
caching-nameserver-9.3.6-4.P1.el5_5.3.ia64.rpm SHA-256: ee5a2a03b2f123b357dd73926e7183d4901339d781db9a2e5b33f3aec3e663ae
i386
bind-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: 68fc8c6a584e4bcf0f64c21fbabe5cb3539b0fa3150ffbd65126d50b56b4dcfe
bind-chroot-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: db92ff1d69bf5cf76a0efb619cea825e29171ef868d27b8b5e2c3c94a038bf36
bind-devel-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: f459b614006384aa6b2c74a9255c96eef020607a4328c6ab2e3f5534ae708545
bind-libbind-devel-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a44dd699af4bf48180565c7c84bb679717c4900a3832cb020e7d501062cb802b
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a54d391769db448293f17d013ff935ef5aa6539b2d21a8beff93349b02cb5386
bind-sdb-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: 61cb3fafc4e329574955c670ef13c0f302569af8365a07b98cbf8f49f17cd1af
bind-utils-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: 240a0a09d2dd6ef1504f8a32790df60f5ad07fec695e92e6bdb79c49dae262fa
caching-nameserver-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: fedf1fe2e423b48e4a1dee4806e28e0cd08e11be08689d76794c0d5bf84f7af4

Red Hat Enterprise Linux Workstation 5

SRPM
bind-9.3.6-4.P1.el5_5.3.src.rpm SHA-256: efd1e128c4e877189366e841c218d52b7b97e5dca2694a0098f38c8644f50948
x86_64
bind-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: fe1aa90c841d970d1adb93ce80a69072a5bd67f7d2c4b6f399aebaa8f237b77d
bind-chroot-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: cabba6a2c4fca65f610e3fdc7781c6dd9178e3688c481ab363fe29080846301e
bind-devel-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: f459b614006384aa6b2c74a9255c96eef020607a4328c6ab2e3f5534ae708545
bind-devel-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: da4e3d1189d43811feb5d7f729c945416eb28e173d2bd9521a3e955348bc8eb9
bind-libbind-devel-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a44dd699af4bf48180565c7c84bb679717c4900a3832cb020e7d501062cb802b
bind-libbind-devel-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 7fd6d423f49bdb21fa3a9f47aeac6ac147cfe9771d5dcfa06e9f18fa500e7ef3
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a54d391769db448293f17d013ff935ef5aa6539b2d21a8beff93349b02cb5386
bind-libs-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 584ca2aeb9b8b024fae22bc22a117120509190ed6ae964997aa0922b3d7dbc1b
bind-sdb-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 2e9f7effcaa1cb238bbff6174ee3717c1743fa4d3646dd93e75fddf5b259faa5
bind-utils-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 1031f57c72becb55baa22fda844e1f9fe2970ab05334ba760be00f8441f309a7
caching-nameserver-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 198fcee24a8320baa04534904a0e0a6a208af84831427266766cceb723e8b414
i386
bind-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: 68fc8c6a584e4bcf0f64c21fbabe5cb3539b0fa3150ffbd65126d50b56b4dcfe
bind-chroot-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: db92ff1d69bf5cf76a0efb619cea825e29171ef868d27b8b5e2c3c94a038bf36
bind-devel-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: f459b614006384aa6b2c74a9255c96eef020607a4328c6ab2e3f5534ae708545
bind-libbind-devel-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a44dd699af4bf48180565c7c84bb679717c4900a3832cb020e7d501062cb802b
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a54d391769db448293f17d013ff935ef5aa6539b2d21a8beff93349b02cb5386
bind-sdb-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: 61cb3fafc4e329574955c670ef13c0f302569af8365a07b98cbf8f49f17cd1af
bind-utils-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: 240a0a09d2dd6ef1504f8a32790df60f5ad07fec695e92e6bdb79c49dae262fa
caching-nameserver-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: fedf1fe2e423b48e4a1dee4806e28e0cd08e11be08689d76794c0d5bf84f7af4

Red Hat Enterprise Linux Desktop 5

SRPM
bind-9.3.6-4.P1.el5_5.3.src.rpm SHA-256: efd1e128c4e877189366e841c218d52b7b97e5dca2694a0098f38c8644f50948
x86_64
bind-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: fe1aa90c841d970d1adb93ce80a69072a5bd67f7d2c4b6f399aebaa8f237b77d
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a54d391769db448293f17d013ff935ef5aa6539b2d21a8beff93349b02cb5386
bind-libs-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 584ca2aeb9b8b024fae22bc22a117120509190ed6ae964997aa0922b3d7dbc1b
bind-sdb-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 2e9f7effcaa1cb238bbff6174ee3717c1743fa4d3646dd93e75fddf5b259faa5
bind-utils-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 1031f57c72becb55baa22fda844e1f9fe2970ab05334ba760be00f8441f309a7
i386
bind-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: 68fc8c6a584e4bcf0f64c21fbabe5cb3539b0fa3150ffbd65126d50b56b4dcfe
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a54d391769db448293f17d013ff935ef5aa6539b2d21a8beff93349b02cb5386
bind-sdb-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: 61cb3fafc4e329574955c670ef13c0f302569af8365a07b98cbf8f49f17cd1af
bind-utils-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: 240a0a09d2dd6ef1504f8a32790df60f5ad07fec695e92e6bdb79c49dae262fa

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
bind-9.3.6-4.P1.el5_5.3.src.rpm SHA-256: efd1e128c4e877189366e841c218d52b7b97e5dca2694a0098f38c8644f50948
s390x
bind-9.3.6-4.P1.el5_5.3.s390x.rpm SHA-256: c39395de967f3ff973c421e84a4b59d6782bcdb74a19a145fbd4815a8e853ce9
bind-chroot-9.3.6-4.P1.el5_5.3.s390x.rpm SHA-256: 9cdc1a08ab920b86468074ee5de27423b6b597a404887ec2abd20c016e0b88dc
bind-devel-9.3.6-4.P1.el5_5.3.s390.rpm SHA-256: e98a57dd2592cbbb88983d0fa699b475e7111e0d096016d7c63b171c7195312c
bind-devel-9.3.6-4.P1.el5_5.3.s390x.rpm SHA-256: d48c5d7192d1e409b8491441b50e9cd2cfca80b97a4269938d27da391faae2f9
bind-libbind-devel-9.3.6-4.P1.el5_5.3.s390.rpm SHA-256: a4af4c51951e80219797fbcd15af694bd553aace58436f17c2eef5d5cb5dbd99
bind-libbind-devel-9.3.6-4.P1.el5_5.3.s390x.rpm SHA-256: 49064c31c0ded04971d0b1a864ae3ffdc8a96e1fd916b2f802f6af869b846f11
bind-libs-9.3.6-4.P1.el5_5.3.s390.rpm SHA-256: 60f87e73d93415af36b5643beaa4858e6f75bc2c1adc9a4fa876b1b04c89858b
bind-libs-9.3.6-4.P1.el5_5.3.s390x.rpm SHA-256: e38e250454cd02fbe4053f83ff91bd431c04208c0315a22159a7e2cd2a9306ec
bind-sdb-9.3.6-4.P1.el5_5.3.s390x.rpm SHA-256: 3d6d5c9476213b9647596c5b04358299a719faba34817579b2654258937cfe28
bind-utils-9.3.6-4.P1.el5_5.3.s390x.rpm SHA-256: 3e1cc65575167789b7f17e17459ad3713237044bcc00ed843c37b5b6320f35a8
caching-nameserver-9.3.6-4.P1.el5_5.3.s390x.rpm SHA-256: fdd659d7e14b081f383b7b0c4c32288d2c7c6ae0f892c4fd05aa03b2fd0ac4e3

Red Hat Enterprise Linux for Power, big endian 5

SRPM
bind-9.3.6-4.P1.el5_5.3.src.rpm SHA-256: efd1e128c4e877189366e841c218d52b7b97e5dca2694a0098f38c8644f50948
ppc
bind-9.3.6-4.P1.el5_5.3.ppc.rpm SHA-256: 5f487d642f8b9ee2fa5386f9973a44ade00040d8cae1f78a872a49e19f283073
bind-chroot-9.3.6-4.P1.el5_5.3.ppc.rpm SHA-256: f401e30eacc21a437d8e72663e840e718f64295d1e1435c895c1c0a075e0633d
bind-devel-9.3.6-4.P1.el5_5.3.ppc.rpm SHA-256: 488522fabeb981933996d6b9ee44221995ec14fe642290d8b522a2115846bbe8
bind-devel-9.3.6-4.P1.el5_5.3.ppc64.rpm SHA-256: c2f744c015e4b609e9ac84f2f54bd8a52a49162accce5a74ad803c75911cc0dd
bind-libbind-devel-9.3.6-4.P1.el5_5.3.ppc.rpm SHA-256: 926c0ef9c9de5ea9b58ed2e59d07aa558d3c72d6770399a90e59e3bb7922ae19
bind-libbind-devel-9.3.6-4.P1.el5_5.3.ppc64.rpm SHA-256: 50e1a2a8d7ce52b99206772c2ee34cf47632d31d73f529dad3dbfaf67f354b82
bind-libs-9.3.6-4.P1.el5_5.3.ppc.rpm SHA-256: 08a9c032faa93333f6921e6bc2299a2fe27de39a798446ce5a27b41cbc972753
bind-libs-9.3.6-4.P1.el5_5.3.ppc64.rpm SHA-256: cdb24a191eb4af4553e3913cbce6b72d37781ebb853f7ed7050e3a0c6a418cd4
bind-sdb-9.3.6-4.P1.el5_5.3.ppc.rpm SHA-256: fd719d1e507bdbb158cccd0436726510b62eed47ed1581dce680fdf0ac5df84a
bind-utils-9.3.6-4.P1.el5_5.3.ppc.rpm SHA-256: 495e8cd5efa313451c9e020a118ab48c62e70df5c17dec606f735559eb8fe621
caching-nameserver-9.3.6-4.P1.el5_5.3.ppc.rpm SHA-256: 59bead76995f872276a905f221000a99f093455b54c89a612e99481ce7f6a21e

Red Hat Enterprise Linux Server from RHUI 5

SRPM
bind-9.3.6-4.P1.el5_5.3.src.rpm SHA-256: efd1e128c4e877189366e841c218d52b7b97e5dca2694a0098f38c8644f50948
x86_64
bind-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: fe1aa90c841d970d1adb93ce80a69072a5bd67f7d2c4b6f399aebaa8f237b77d
bind-chroot-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: cabba6a2c4fca65f610e3fdc7781c6dd9178e3688c481ab363fe29080846301e
bind-devel-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: f459b614006384aa6b2c74a9255c96eef020607a4328c6ab2e3f5534ae708545
bind-devel-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: da4e3d1189d43811feb5d7f729c945416eb28e173d2bd9521a3e955348bc8eb9
bind-libbind-devel-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a44dd699af4bf48180565c7c84bb679717c4900a3832cb020e7d501062cb802b
bind-libbind-devel-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 7fd6d423f49bdb21fa3a9f47aeac6ac147cfe9771d5dcfa06e9f18fa500e7ef3
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a54d391769db448293f17d013ff935ef5aa6539b2d21a8beff93349b02cb5386
bind-libs-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 584ca2aeb9b8b024fae22bc22a117120509190ed6ae964997aa0922b3d7dbc1b
bind-sdb-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 2e9f7effcaa1cb238bbff6174ee3717c1743fa4d3646dd93e75fddf5b259faa5
bind-utils-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 1031f57c72becb55baa22fda844e1f9fe2970ab05334ba760be00f8441f309a7
caching-nameserver-9.3.6-4.P1.el5_5.3.x86_64.rpm SHA-256: 198fcee24a8320baa04534904a0e0a6a208af84831427266766cceb723e8b414
i386
bind-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: 68fc8c6a584e4bcf0f64c21fbabe5cb3539b0fa3150ffbd65126d50b56b4dcfe
bind-chroot-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: db92ff1d69bf5cf76a0efb619cea825e29171ef868d27b8b5e2c3c94a038bf36
bind-devel-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: f459b614006384aa6b2c74a9255c96eef020607a4328c6ab2e3f5534ae708545
bind-libbind-devel-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a44dd699af4bf48180565c7c84bb679717c4900a3832cb020e7d501062cb802b
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: a54d391769db448293f17d013ff935ef5aa6539b2d21a8beff93349b02cb5386
bind-sdb-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: 61cb3fafc4e329574955c670ef13c0f302569af8365a07b98cbf8f49f17cd1af
bind-utils-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: 240a0a09d2dd6ef1504f8a32790df60f5ad07fec695e92e6bdb79c49dae262fa
caching-nameserver-9.3.6-4.P1.el5_5.3.i386.rpm SHA-256: fedf1fe2e423b48e4a1dee4806e28e0cd08e11be08689d76794c0d5bf84f7af4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.