Synopsis

Important: bind-dyndb-ldap security update

Type/Severity

Security Advisory: Important

Topic

An updated bind-dyndb-ldap package that fixes one security issue is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

The dynamic LDAP back end is a plug-in for BIND that provides back-end
capabilities to LDAP databases. It features support for dynamic updates and
internal caching that help to reduce the load on LDAP servers.

A flaw was found in the way bind-dyndb-ldap performed the escaping of names
from DNS requests for use in LDAP queries. A remote attacker able to send
DNS queries to a named server that is configured to use bind-dyndb-ldap
could use this flaw to cause named to exit unexpectedly with an assertion
failure. (CVE-2012-3429)

Red Hat would like to thank Sigbjorn Lie of Atea Norway for reporting this
issue.

All bind-dyndb-ldap users should upgrade to this updated package, which
contains a backported patch to correct this issue. For the update to take
effect, the named service must be restarted.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.3 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.3 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.3 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.3 ppc64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.3 x86_64
• Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.3 i386

Fixes

• BZ - 842466 - CVE-2012-3429 bind-dyndb-ldap: named DoS via DNS query with $ in name

CVEs

• CVE-2012-3429

References

• https://access.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux Server 6

SRPM
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm	SHA-256: 20a1a42505e7ff6dc69ea8b8b9ea14e5a8943f7dbea09e08f15cae7cf7bfdd8e
x86_64
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.x86_64.rpm	SHA-256: dacb474a9be104ed2078954b956c9139ee65fe063b467a13ce0cfa0334ed102a
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.x86_64.rpm	SHA-256: 0518c9e0f5adaa14b8fde599d76fa6a7f27a2327fadff78ef842ee8a941dbcf3
i386
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.i686.rpm	SHA-256: c2a6fcf68e1c8cca16730144c7edb465417fcbe8d58fb59b6450ad726e4e8205
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.i686.rpm	SHA-256: 5820008b85df4abdb90be9ab5af4197cc0b43e45257d6955db6aaa7c34086e02

Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.3

SRPM
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm	SHA-256: 20a1a42505e7ff6dc69ea8b8b9ea14e5a8943f7dbea09e08f15cae7cf7bfdd8e
x86_64
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.x86_64.rpm	SHA-256: dacb474a9be104ed2078954b956c9139ee65fe063b467a13ce0cfa0334ed102a
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.x86_64.rpm	SHA-256: 0518c9e0f5adaa14b8fde599d76fa6a7f27a2327fadff78ef842ee8a941dbcf3
i386
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.i686.rpm	SHA-256: c2a6fcf68e1c8cca16730144c7edb465417fcbe8d58fb59b6450ad726e4e8205
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.i686.rpm	SHA-256: 5820008b85df4abdb90be9ab5af4197cc0b43e45257d6955db6aaa7c34086e02

Red Hat Enterprise Linux Workstation 6

SRPM
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm	SHA-256: 20a1a42505e7ff6dc69ea8b8b9ea14e5a8943f7dbea09e08f15cae7cf7bfdd8e
x86_64
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.x86_64.rpm	SHA-256: dacb474a9be104ed2078954b956c9139ee65fe063b467a13ce0cfa0334ed102a
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.x86_64.rpm	SHA-256: 0518c9e0f5adaa14b8fde599d76fa6a7f27a2327fadff78ef842ee8a941dbcf3
i386
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.i686.rpm	SHA-256: c2a6fcf68e1c8cca16730144c7edb465417fcbe8d58fb59b6450ad726e4e8205
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.i686.rpm	SHA-256: 5820008b85df4abdb90be9ab5af4197cc0b43e45257d6955db6aaa7c34086e02

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm	SHA-256: 20a1a42505e7ff6dc69ea8b8b9ea14e5a8943f7dbea09e08f15cae7cf7bfdd8e
s390x
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.s390x.rpm	SHA-256: 8e66fa4b9504c93eee96d0a9f926924ac97c3677374125fe7140a933ba2565f4
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.s390x.rpm	SHA-256: d27bac52092de61e2bc69969ef27f4fbc0c11d0f388baf959c38d2477f46227e

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.3

SRPM
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm	SHA-256: 20a1a42505e7ff6dc69ea8b8b9ea14e5a8943f7dbea09e08f15cae7cf7bfdd8e
s390x
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.s390x.rpm	SHA-256: 8e66fa4b9504c93eee96d0a9f926924ac97c3677374125fe7140a933ba2565f4
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.s390x.rpm	SHA-256: d27bac52092de61e2bc69969ef27f4fbc0c11d0f388baf959c38d2477f46227e

Red Hat Enterprise Linux for Power, big endian 6

SRPM
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm	SHA-256: 20a1a42505e7ff6dc69ea8b8b9ea14e5a8943f7dbea09e08f15cae7cf7bfdd8e
ppc64
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.ppc64.rpm	SHA-256: 624d52fc317c879513099f641360dc7d643e8bba7852d2d7fc02933d79aae1eb
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.ppc64.rpm	SHA-256: 7343adfcd615b7f909b1505dba6d3aadf6e2157791b2cb767ad36467ec0c8537

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.3

SRPM
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm	SHA-256: 20a1a42505e7ff6dc69ea8b8b9ea14e5a8943f7dbea09e08f15cae7cf7bfdd8e
ppc64
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.ppc64.rpm	SHA-256: 624d52fc317c879513099f641360dc7d643e8bba7852d2d7fc02933d79aae1eb
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.ppc64.rpm	SHA-256: 7343adfcd615b7f909b1505dba6d3aadf6e2157791b2cb767ad36467ec0c8537

Red Hat Enterprise Linux Server from RHUI 6

SRPM
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm	SHA-256: 20a1a42505e7ff6dc69ea8b8b9ea14e5a8943f7dbea09e08f15cae7cf7bfdd8e
x86_64
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.x86_64.rpm	SHA-256: dacb474a9be104ed2078954b956c9139ee65fe063b467a13ce0cfa0334ed102a
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.x86_64.rpm	SHA-256: 0518c9e0f5adaa14b8fde599d76fa6a7f27a2327fadff78ef842ee8a941dbcf3
i386
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.i686.rpm	SHA-256: c2a6fcf68e1c8cca16730144c7edb465417fcbe8d58fb59b6450ad726e4e8205
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.i686.rpm	SHA-256: 5820008b85df4abdb90be9ab5af4197cc0b43e45257d6955db6aaa7c34086e02

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.3

SRPM
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm	SHA-256: 20a1a42505e7ff6dc69ea8b8b9ea14e5a8943f7dbea09e08f15cae7cf7bfdd8e
x86_64
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.x86_64.rpm	SHA-256: dacb474a9be104ed2078954b956c9139ee65fe063b467a13ce0cfa0334ed102a
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.x86_64.rpm	SHA-256: 0518c9e0f5adaa14b8fde599d76fa6a7f27a2327fadff78ef842ee8a941dbcf3
i386
bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.i686.rpm	SHA-256: c2a6fcf68e1c8cca16730144c7edb465417fcbe8d58fb59b6450ad726e4e8205
bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.i686.rpm	SHA-256: 5820008b85df4abdb90be9ab5af4197cc0b43e45257d6955db6aaa7c34086e02