Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2020:3471 - Security Advisory
Issued:
2020-08-18
Updated:
2020-08-18

RHSA-2020:3471 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: bind security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for bind is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

  • bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616)
  • bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 7.2 x86_64

Fixes

  • BZ - 1836118 - CVE-2020-8616 bind: BIND does not sufficiently limit the number of fetches performed when processing referrals
  • BZ - 1836124 - CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c

CVEs

  • CVE-2020-8616
  • CVE-2020-8617

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 7.2

SRPM
bind-9.9.4-29.el7_2.9.src.rpm SHA-256: b978472c91ff4493125275f75a01ea4108a2c6efd095c0e3312af1817112e7d2
x86_64
bind-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: b9e7a0dd5ebfda9f4f5ed577dd34ae1befd877dc868ba54ecac0b50f15e0a53e
bind-chroot-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: 12761c7b311558eca714c3ff24b5bf398aceba3f91603f6bb180d56bb8116f32
bind-debuginfo-9.9.4-29.el7_2.9.i686.rpm SHA-256: d0ba2e26137d3d8adeadebc82c76121f13dcdab394de4daabfe8e2d849ed2618
bind-debuginfo-9.9.4-29.el7_2.9.i686.rpm SHA-256: d0ba2e26137d3d8adeadebc82c76121f13dcdab394de4daabfe8e2d849ed2618
bind-debuginfo-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: 989b469f8cbc79476883230644eb97378faa3ecbe2047fedebba520c1828c1cf
bind-debuginfo-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: 989b469f8cbc79476883230644eb97378faa3ecbe2047fedebba520c1828c1cf
bind-devel-9.9.4-29.el7_2.9.i686.rpm SHA-256: d4f381e3cfe98a622730974e43ee342bf2115916bf17ee091023af177dd387de
bind-devel-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: 86891ee3f26cca75ca43390378bda1c99c4f78eddedf72c1876e1c7fe97a1e4f
bind-libs-9.9.4-29.el7_2.9.i686.rpm SHA-256: 34f924e7162373d958ae8482bcbe8f4f031c209f07b9461f4a19a0cbf7e3862f
bind-libs-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: 693a09362e0031a770baa9a47d15d0b391bf1694a6c2ebe636909fb11e2020ac
bind-libs-lite-9.9.4-29.el7_2.9.i686.rpm SHA-256: 38f3cc51cef1e12e5fa987991595611cd7af65b433c8690d70263a21180e4979
bind-libs-lite-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: 2b5c385d84d324d5c27922da6a884e904f56d62a26742d84063e50a39ddd91cc
bind-license-9.9.4-29.el7_2.9.noarch.rpm SHA-256: ec4896533c7fe9e0d19e0e0d58e28e9184b9b4b169932a58d1b9bb3e36b9b8f9
bind-lite-devel-9.9.4-29.el7_2.9.i686.rpm SHA-256: d8455a7ea9f95244c9859a860ba0f801165f62bc43472a56d985ce8a2d0e746f
bind-lite-devel-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: 47763b44b2f3e13f444669bc740dafdd7788ce5599f36d9f9c33651b1147298b
bind-pkcs11-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: cbcbf7b5ae4b5f283142790d47e4e6d33887262e0bf33ba041e5692d9b02ac6f
bind-pkcs11-devel-9.9.4-29.el7_2.9.i686.rpm SHA-256: a3955457748c8e6223a8ec1ddfc788aa7ab145bd90986a80bd258114a6ce7e99
bind-pkcs11-devel-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: 9ec9ebee07ee3f6fb15a8ff0efc479405f5044b86152c08f14d935695d989f8b
bind-pkcs11-libs-9.9.4-29.el7_2.9.i686.rpm SHA-256: f9216b7262e3b4ddb7f651b9f11b47ebeb71445d5cc47609b461c2a92dd33990
bind-pkcs11-libs-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: 7c4560ad1a323a37118393a1c26777c42db5c5bc2435dc314b8feb06d16319fb
bind-pkcs11-utils-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: 503fef47058ab77ee04cb8491a066fe9d9e4e9254ee61105f39c7976a60e2371
bind-sdb-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: e46fccbb61606cfe6de72b3a022907210153209cd091917acd08d98e9b2d664e
bind-sdb-chroot-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: 7707ad3e8e4d4833d34478bac3eabfc18df581288073f4c8da2010d8d61c0fc2
bind-utils-9.9.4-29.el7_2.9.x86_64.rpm SHA-256: e10344e416449b9f55117482b792dc274a311e4dd3c8e9e279f950997ea23363

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility