Issued:: 2012-07-23
Updated:: 2012-07-23

RHSA-2012:1110 - Security Advisory

Overview
Updated Packages

Synopsis

Important: bind security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated bind packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 Extended Life Cycle Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled zero length resource data records.
A malicious owner of a DNS domain could use this flaw to create
specially-crafted DNS resource records that would cause a recursive
resolver or secondary server to crash or, possibly, disclose portions of
its memory. (CVE-2012-1667)

Users of bind are advised to upgrade to these updated packages, which
correct this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 ia64
Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 i386

Fixes

BZ - 828078 - CVE-2012-1667 bind: handling of zero length rdata can cause named to terminate unexpectedly

CVEs

CVE-2012-1667

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Life Cycle Support 4

SRPM
bind-9.2.4-39.el4.src.rpm	SHA-256: 6f611c6215358713c481f17ab622df6b1ac9157dd0e40d54e2e461171669ff9f
x86_64
bind-9.2.4-39.el4.x86_64.rpm	SHA-256: edc49954c33530fc377b94cd9c377c39e6c183b93ff56dbd4aee401ffe7054be
bind-9.2.4-39.el4.x86_64.rpm	SHA-256: edc49954c33530fc377b94cd9c377c39e6c183b93ff56dbd4aee401ffe7054be
bind-chroot-9.2.4-39.el4.x86_64.rpm	SHA-256: fa16b4bc6cf371b9649e4954d599f578b12c88dd2ba449f6ed857f3e40363b3d
bind-chroot-9.2.4-39.el4.x86_64.rpm	SHA-256: fa16b4bc6cf371b9649e4954d599f578b12c88dd2ba449f6ed857f3e40363b3d
bind-devel-9.2.4-39.el4.x86_64.rpm	SHA-256: 5172cbb37fc856b87017bda7e2db838866f213149d2a5474f1569a8d9a74e1f4
bind-devel-9.2.4-39.el4.x86_64.rpm	SHA-256: 5172cbb37fc856b87017bda7e2db838866f213149d2a5474f1569a8d9a74e1f4
bind-libs-9.2.4-39.el4.i386.rpm	SHA-256: 3c92c953da8eb356fcbbdd95fb2dee0ee8a0e0a90d3f2608815d4f86a3ac886d
bind-libs-9.2.4-39.el4.i386.rpm	SHA-256: 3c92c953da8eb356fcbbdd95fb2dee0ee8a0e0a90d3f2608815d4f86a3ac886d
bind-libs-9.2.4-39.el4.x86_64.rpm	SHA-256: 4b756819673ddc48f50385d2ee9c95aeeec2f87b5a578affc754d33cd4c7598d
bind-libs-9.2.4-39.el4.x86_64.rpm	SHA-256: 4b756819673ddc48f50385d2ee9c95aeeec2f87b5a578affc754d33cd4c7598d
bind-utils-9.2.4-39.el4.x86_64.rpm	SHA-256: a76d99334f5e2fd4c6dc95c610301a007f96c53bb97b385f5b9eb00afe2b6259
bind-utils-9.2.4-39.el4.x86_64.rpm	SHA-256: a76d99334f5e2fd4c6dc95c610301a007f96c53bb97b385f5b9eb00afe2b6259
ia64
bind-9.2.4-39.el4.ia64.rpm	SHA-256: 71771be238b8b05a6f01de4a57a73e814a0cc8e5b5ef43a22e1f035bbd79fc6d
bind-chroot-9.2.4-39.el4.ia64.rpm	SHA-256: 1dac68fd9d3d2d7a00ac5131f11f5ce0e8b14a36c6d8f9d15a9b1e334ff61511
bind-devel-9.2.4-39.el4.ia64.rpm	SHA-256: 9902d9bb7d53abde28c3ce1c82a392ee9141bfcbcf7cfd0ae2ab1731396cde53
bind-libs-9.2.4-39.el4.i386.rpm	SHA-256: 3c92c953da8eb356fcbbdd95fb2dee0ee8a0e0a90d3f2608815d4f86a3ac886d
bind-libs-9.2.4-39.el4.ia64.rpm	SHA-256: f293a1cc1e6aca3224f62870a84278331e23164b9dd00228a8e8b2dac78d41aa
bind-utils-9.2.4-39.el4.ia64.rpm	SHA-256: da6661aeb74d6cc5e7082d4270775b5a1eb47ac468d0bfc8e56ae6dbf7ff463b
i386
bind-9.2.4-39.el4.i386.rpm	SHA-256: 1de7d7c4b39997ecbd9d0f660a72739777bfb72849548421e4bcdfa7ad2007d4
bind-9.2.4-39.el4.i386.rpm	SHA-256: 1de7d7c4b39997ecbd9d0f660a72739777bfb72849548421e4bcdfa7ad2007d4
bind-chroot-9.2.4-39.el4.i386.rpm	SHA-256: 65dab3c5588c46abc6b16710535acd73e04235d1b4a55090ccf2c8cf67bc63f9
bind-chroot-9.2.4-39.el4.i386.rpm	SHA-256: 65dab3c5588c46abc6b16710535acd73e04235d1b4a55090ccf2c8cf67bc63f9
bind-devel-9.2.4-39.el4.i386.rpm	SHA-256: 7e0b6c2440dcb84229102d560490ae0bacddd4afdef8b744d17e161e12b59653
bind-devel-9.2.4-39.el4.i386.rpm	SHA-256: 7e0b6c2440dcb84229102d560490ae0bacddd4afdef8b744d17e161e12b59653
bind-libs-9.2.4-39.el4.i386.rpm	SHA-256: 3c92c953da8eb356fcbbdd95fb2dee0ee8a0e0a90d3f2608815d4f86a3ac886d
bind-libs-9.2.4-39.el4.i386.rpm	SHA-256: 3c92c953da8eb356fcbbdd95fb2dee0ee8a0e0a90d3f2608815d4f86a3ac886d
bind-utils-9.2.4-39.el4.i386.rpm	SHA-256: 168bd20ea4f732b2cf49957737706e043b8c60d2465aeabdf0be2c7af78a572a
bind-utils-9.2.4-39.el4.i386.rpm	SHA-256: 168bd20ea4f732b2cf49957737706e043b8c60d2465aeabdf0be2c7af78a572a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation