AXBA:2020-4703:02

Release date: 
Friday, April 10, 2020 - 12:52
Subject: 
bind-9.11.4-16.P2.2.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
N/A
Description: 

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

Bug Fix(es) and Enhancement(s):

* Deadlock when reloading.

Security Fix(es):

* bind: TCP Pipelining doesn't limit TCP clients on a single connection (CVE-2019-6477)

* bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745)

* bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7 Release Notes linked from the References section.

CVE-2018-5745
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.
CVE-2019-6465
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.
CVE-2019-6477
With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. bind-9.11.4-16.P2.2.0.1.el7.AXS7.src.rpm
    MD5: ef6b76c2fb105c8dd7d855bbe95f3dbf
    SHA-256: fc7e77d29a655d58e318e83b0a55749b46fc82383f7b12d73b338be3d4dd259f
    Size: 9.34 MB

Asianux Server 7 for x86_64
  1. bind-9.11.4-16.P2.2.0.1.el7.AXS7.x86_64.rpm
    MD5: aba6517f0fdcafb633ce9cbb34e116e2
    SHA-256: cba42e93d24ed86373e3eb62ad0bbd17121fa9b81cafa21e3639b95c53a2c84f
    Size: 2.32 MB
  2. bind-chroot-9.11.4-16.P2.2.0.1.el7.AXS7.x86_64.rpm
    MD5: d8f522d9431f8e27629d4a490ccc9d55
    SHA-256: 07a58f50e5932d31be8234584074f99e5ae72fb31cfd3e25e0c4b5b20b5b2f3a
    Size: 90.04 kB
  3. bind-export-devel-9.11.4-16.P2.2.0.1.el7.AXS7.x86_64.rpm
    MD5: 87793f3347b02e90550e749f0bacffe8
    SHA-256: ebaa43e211e3c5fe38389a6f3cca9beb330b2d4a7202d1cf4afaa8bc6aaacbdd
    Size: 386.50 kB
  4. bind-export-libs-9.11.4-16.P2.2.0.1.el7.AXS7.x86_64.rpm
    MD5: f090eca1ceb84f21f39140fa532bf0b3
    SHA-256: 373478d77fc1470743ac4794d1b7d2ae2aa96465f195f5cd3a9b6e2ab424b6ca
    Size: 1.09 MB
  5. bind-libs-9.11.4-16.P2.2.0.1.el7.AXS7.x86_64.rpm
    MD5: d43afb52106fe85a23654bbd39057b4d
    SHA-256: b1978f0ba234aab686ae5ef16026911dc46ccd606f16f2a1f055620ea9d9e456
    Size: 154.50 kB
  6. bind-libs-lite-9.11.4-16.P2.2.0.1.el7.AXS7.x86_64.rpm
    MD5: 93acd930bfa5544fb53d32718e1d011a
    SHA-256: 04849c994aec5dcf2187a438c9f5ef38d851ac08c6780535659e5404d83f0232
    Size: 1.12 MB
  7. bind-license-9.11.4-16.P2.2.0.1.el7.AXS7.noarch.rpm
    MD5: 93347d2afc6242cdb8b34c7556cc8f95
    SHA-256: 657f4aabeafefdb713f0e67e59fe457a6e74eb9681c6a3b3d8ebee7c058e6a00
    Size: 88.27 kB
  8. bind-pkcs11-9.11.4-16.P2.2.0.1.el7.AXS7.x86_64.rpm
    MD5: e89e53708a439395de0ec6148105c5a1
    SHA-256: a34500ec4b5a8cc094bd2f90fcc498fe5c9541dd1ff555c785544787346e6b05
    Size: 359.48 kB
  9. bind-pkcs11-libs-9.11.4-16.P2.2.0.1.el7.AXS7.x86_64.rpm
    MD5: 13546905e40aac4177989edbef0e14d5
    SHA-256: 578b8955e35286ccd16061a9c77baba40d455793a98cbeb780431a2a986f535d
    Size: 1.07 MB
  10. bind-pkcs11-utils-9.11.4-16.P2.2.0.1.el7.AXS7.x86_64.rpm
    MD5: 3f2f26811ae3c82458db2a1043d13d06
    SHA-256: 7cff7eae78a3ac0b3b8be36d3f47e7c6868a1d2947a53127a0aaa0806ebbdcde
    Size: 206.68 kB
  11. bind-utils-9.11.4-16.P2.2.0.1.el7.AXS7.x86_64.rpm
    MD5: 96fb48e60b58384a80c3d9e2f261a81a
    SHA-256: 2879ff8a0fbc7c4d77b6f52f28b3e083a1d826f743a61c06eb0482a1a438ba09
    Size: 258.04 kB
  12. bind-libs-9.11.4-16.P2.2.0.1.el7.AXS7.i686.rpm
    MD5: beb1b02e8e7aa0f03fabb371b1c75510
    SHA-256: fbc83fe429f9f8f8fa0ee567545b8c90ef2e98ee3cbf10f4411e49a263ce94a9
    Size: 153.75 kB
  13. bind-libs-lite-9.11.4-16.P2.2.0.1.el7.AXS7.i686.rpm
    MD5: b1a4288b81b2cb811c338851031ebb30
    SHA-256: 65941e163c17dbdd9a6305320deb7af5596c20cafa6957040be6db9855e875ea
    Size: 1.10 MB
  14. bind-pkcs11-libs-9.11.4-16.P2.2.0.1.el7.AXS7.i686.rpm
    MD5: 07fecb7e5d1c6bed8b36404fb62751f9
    SHA-256: fc56f4166aa515f42cbad2257065dabf3de0286b1da72717406fb2a80dcec7a2
    Size: 1.05 MB
Copyright© 2007-2015 Asianux. All rights reserved.