bind-9.3.6-4.P1.2.1.AXS3

エラータID: AXSA:2010-77:01

Release date: 
Thursday, January 28, 2010 - 14:19
Subject: 
bind-9.3.6-4.P1.2.1.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.
Security issues fixed with this release:
CVE-2010-0097
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
CVE-2010-0290
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.

Solution: 

Update packages.

CVEs: 
CVE-2010-0097
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
CVE-2010-0290
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
Additional Info: 

N/A

Download: 

SRPMS
  1. bind-9.3.6-4.P1.2.1.AXS3.src.rpm
    MD5: e40acd73b7d30f7e8fc75c3a65b83c0f
    SHA-256: db3443763610da2e26049e67781c04899aaa720c9e214a250248ee4e68d19ba6
    Size: 5.58 MB

Asianux Server 3 for x86
  1. bind-9.3.6-4.P1.2.1.AXS3.i386.rpm
    MD5: f7c637a36bf128b8d33804dd87958732
    SHA-256: 417a0dc802348c19005f6edb8932163554e943f9b7c07726aba4c9d4c90a85d8
    Size: 0.96 MB
  2. bind-chroot-9.3.6-4.P1.2.1.AXS3.i386.rpm
    MD5: 8a252a0e59fd5c0746d5e5ab12f83cfa
    SHA-256: 79a1bea514e01ffe9139e207df2538352095424c24fe2bf09b34dcf4241346e5
    Size: 45.33 kB
  3. bind-devel-9.3.6-4.P1.2.1.AXS3.i386.rpm
    MD5: 1f8e334af65f07535a362dbf93867adb
    SHA-256: af0d095d038b2bc650fa27396d78a9be46e5ec9c2900d3b9dd6d1cfd1db3e528
    Size: 2.78 MB
  4. bind-libs-9.3.6-4.P1.2.1.AXS3.i386.rpm
    MD5: bbecb5593517c701f12f155613044980
    SHA-256: 130ea498aba8d7df60488dfd2aacff4d1798b79dab089f746243a5e53c476bb0
    Size: 857.97 kB
  5. bind-utils-9.3.6-4.P1.2.1.AXS3.i386.rpm
    MD5: dd4cf2f30f816a98af4199c17907ce43
    SHA-256: d630d1c9ce2b81506260aea9a16ad0aa1773af4c7f7138518af391f3650a77e4
    Size: 170.49 kB
  6. caching-nameserver-9.3.6-4.P1.2.1.AXS3.i386.rpm
    MD5: c9b7186708bb5f45dbc0ae281be7fc0c
    SHA-256: a586995958cc7316af9b8480d0d1285cd445ad8f1fa9e33e1e54aa912cdc1654
    Size: 61.55 kB

Asianux Server 3 for x86_64
  1. bind-9.3.6-4.P1.2.1.AXS3.x86_64.rpm
    MD5: 39a498fb5acd684193d4bb9153d34c4a
    SHA-256: 3d3498d8a54f3338061386c28b3a5ec6782d1089cb8378ed24423e09888fb1c9
    Size: 0.97 MB
  2. bind-chroot-9.3.6-4.P1.2.1.AXS3.x86_64.rpm
    MD5: 2585ea1b7f1fc0a10e161ff581d89c86
    SHA-256: fdddd3794ac8a8ff8c6d237663858e56b75d5af7617d391eaa2c38413110ce4e
    Size: 45.30 kB
  3. bind-devel-9.3.6-4.P1.2.1.AXS3.x86_64.rpm
    MD5: 4fdb8c6558270bf140cedf785069eafb
    SHA-256: 104c271cc2255839d189ac84cd23580f398957d2b4707334cf2aee1ba532c54a
    Size: 2.80 MB
  4. bind-libs-9.3.6-4.P1.2.1.AXS3.x86_64.rpm
    MD5: ed822a380e1d7ddb0963e75bb1b12018
    SHA-256: 0a5377cb1f2519f1175c3538c669937c87952fe91ec9a3abb3bc84eedc6a688b
    Size: 891.00 kB
  5. bind-utils-9.3.6-4.P1.2.1.AXS3.x86_64.rpm
    MD5: 887c84deceaf778f510dc069499f2767
    SHA-256: e1a974df84ae44b96fedb8aa4b8b39d6c62526aedad817624d35d9a891c8f366
    Size: 176.35 kB
  6. caching-nameserver-9.3.6-4.P1.2.1.AXS3.x86_64.rpm
    MD5: 6ad0b66915f4b117084ca819cc957402
    SHA-256: b034251047f5fd8d3cb86d6abd8407a9edb146ee883e10264a914db4026082f1
    Size: 61.51 kB