bind-9.3.4-10.P1.1AXS3

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.
Fixed bugs:
CVE-2007-6283
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
CVE-2008-0122
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
CVE-2008-1447
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Other bugs:
- Accepts krb5-self and krb5-subdomain update-policy matches
- Added configtest to usage report from named initscript
- Added GSS-TSIG support to named
- Added GSS-TSIG support to nsupdate
- bind-chroot update now honours user defined chroot directory
- bind-sdb scripplet sets /etc/openldap/slapd.conf ownership correcly
- Checks DSA_do_verify returns value correctly
- Does not call restorecon on chroot/proc
- Does not crash when some subdomain are used as a rndc reload argument
- Fixed building of SDB stuff
- Fixed ${chroot}/dev/random SELinux labelling
- Fixed named.log sync in bind-chroot-admin
- Fixed a race condition during DBUS initialization
- Fixed rndc stop return value handler
- Fixed wrong perms of named's ldap schema
- initscript LSD standardization
- Minor changes in initscript
- Removed query-source{,-v6} option from caching-nameserver.conf
- Now return a nonzero value from initscript when named fails to reload
- Revised the permissions of executables and scripts
- Set the open files limit to unlimited by default as described in documentation
- Supressed errors from chroot's specfile scripts
- Updated L.ROOT-SERVERS.NET address in lib/dns/rootns.c file
- Updated named.root zone to affect root IPv6 migration