bind-9.3.6-4.P1.1.1AXS3

エラータID: AXSA:2009-425:4

Release date: 
Friday, December 4, 2009 - 12:00
Subject: 
bind-9.3.6-4.P1.1.1AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.
Security issues fixed with this release:
CVE-2009-4022
Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO).
Other fixes:
- fix query-source option
- update patch for dynamic database backends
- backport allow-query-cache option to control access for all non-authoritative data
- add support for dynamically loadable database backends
- named-checkconf now checks ACLs validity
- update sample configuration file to address DNS reflector attacks
- handle named_write_master_zones SELinux boolean and /var/named perms relationship as documented
- handle unknown DLV algorithms well
- remove useless glibc-kernheaders BuildReq
- print nicer error message when configuration file is directory
- named-checkconf handles check-names directive well
- select correct nameservers when dig/host is called with -4 param
- add support for master-only notify type
- own chroot/var/log directory
- don't call bind-chroot-admin automatically during installation/update/remove of bind-chroot package. It broke too many configurations
- rebased to 9.3.6-P1, updated patches
- patches merged
- bind-bsdcompat.patch
- bind-9.2.2-nsl.patch
- bind-9.3-CVE-2008-1447.patch
- bind93-rh458932.patch
- bind-9.3-dbus-race.patch
- bind-9.3-l_server.patch
- bind-9.3-CVE-2008-0122.patch
- bind93-dsa_verify.patch
- bind-9.3.1-dbus_archdep_libdir.patch
- bind-9.3.2-prctl_set_dumpable.patch
- libbind-9.3.1rc1-fix_h_errno.patch

Solution: 

Update packages.

CVEs: 
CVE-2009-4022
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.


Additional Info: 

N/A

Download: 

SRPMS
  1. bind-9.3.6-4.P1.1.1AXS3.src.rpm
    MD5: 90761a460bf51b17fafb503551e9b314
    SHA-256: c69e0dd873ce33a2f7fbff6948d88a608aadd719507c79d643b4302748c04c26
    Size: 5.58 MB

Asianux Server 3 for x86
  1. bind-9.3.6-4.P1.1.1AXS3.i386.rpm
    MD5: 377df7d3decaba2ac09bd6e62653f42b
    SHA-256: 5990fe1a607d3baf4a493e59103f84543ce17582d7a8a64b3ba14f7e88698c96
    Size: 0.96 MB
  2. bind-chroot-9.3.6-4.P1.1.1AXS3.i386.rpm
    MD5: eb3037f967990ef7b899835d0e458af7
    SHA-256: fc52bd8156d753946f1ef7d5c7edb1d1a3b4f931db57b51f0bcac3740cbb57ba
    Size: 44.99 kB
  3. bind-devel-9.3.6-4.P1.1.1AXS3.i386.rpm
    MD5: 193a5c5b0ec2e6df5a9717f5708ef1f5
    SHA-256: aaf1ac9567d7d9b3bffbfc3e78d97624eb221eb4e94d63521dbf1107f6b51bf4
    Size: 2.78 MB
  4. bind-libs-9.3.6-4.P1.1.1AXS3.i386.rpm
    MD5: 4a72967b8dcdf1cc8e17e9d64de65874
    SHA-256: 0cdf53bd214df0e91bba5c5759e26b954091dbc9155add1d046a62834b7f4188
    Size: 857.51 kB
  5. bind-utils-9.3.6-4.P1.1.1AXS3.i386.rpm
    MD5: f4902fbe82d9f727dcfd74041f08f445
    SHA-256: 137ab2fd4c098650aacba4d7e33d2dd7e9f7e10e6725ff10a2c199adb8ced00d
    Size: 170.15 kB
  6. caching-nameserver-9.3.6-4.P1.1.1AXS3.i386.rpm
    MD5: eae252713c01b452cece7e670aa5b264
    SHA-256: 0a3b30e774317249b9d741b80bf04d38c32015d052556d685228fe0b3c76c4fa
    Size: 61.21 kB

Asianux Server 3 for x86_64
  1. bind-9.3.6-4.P1.1.1AXS3.x86_64.rpm
    MD5: f64a61e79e1a85778894625c21bc6662
    SHA-256: 2df883d1cbeac75f3781e66cee6018044a1a274441c685dc92cf6cea507da8b7
    Size: 0.97 MB
  2. bind-chroot-9.3.6-4.P1.1.1AXS3.x86_64.rpm
    MD5: 2a1e4d7a109229c4a59f4dca7257e8d7
    SHA-256: 7060d67ce17c84ee35a62610ebd62961b9d70e23b34576bf4a00f9e79f30caa0
    Size: 44.96 kB
  3. bind-devel-9.3.6-4.P1.1.1AXS3.x86_64.rpm
    MD5: 9a3866d306a7701b38d82707ef85632c
    SHA-256: 9ac5cde028e34f726094348cc2e2e8f6e41da33a10e4e2052230ea545c59de62
    Size: 2.80 MB
  4. bind-libs-9.3.6-4.P1.1.1AXS3.x86_64.rpm
    MD5: c7cbd2fa68e43fa6aac641ca9e091b66
    SHA-256: 926f0fc6dc196d9af788685854150d882e0b307d074598b3a97ed53620ade594
    Size: 890.60 kB
  5. bind-utils-9.3.6-4.P1.1.1AXS3.x86_64.rpm
    MD5: 0de2f822d98ae519d49096ba4f7565e2
    SHA-256: ec4e799c1ae5d995e2c943a0764c2a3ba53d159885b385b9a8cdf1a39a914f18
    Size: 175.99 kB
  6. caching-nameserver-9.3.6-4.P1.1.1AXS3.x86_64.rpm
    MD5: 09fd8e5b1995aa26aa191469a646064d
    SHA-256: 9a22373587fb14441b03e3abed3fc94fe6eb7545cb2e9e93f039c15177ee593d
    Size: 61.17 kB