ID

VAR-201207-0279

CVE

CVE-2012-3817

TITLE

ISC BIND Service disruption in ( Violation of representation and Daemon Exit) Vulnerabilities

DESCRIPTION

ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries. Juniper Networks Juniper Junos is a network operating system dedicated to the company's hardware systems by Juniper Networks. The operating system provides a secure programming interface and the Junos SDK. A remote denial of service vulnerability exists in Juniper Networks Junos. Attackers can use this vulnerability to exhaust session resources and deny legitimate users. ISC BIND is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an assertion failure in the 'named' process, denying service to legitimate users. This issue may also be exploited to disclose certain memory information to clients. The following versions are affected: BIND 9.6-ESV-R1 through versions 9.6-ESV-R7-P1 BIND 9.7.1 through versions 9.7.6-P1 BIND 9.8.0 through versions 9.8.3-P1 BIND 9.9.0 through versions 9.9.1-P1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:05.bind Security Advisory The FreeBSD Project Topic: named(8) DNSSEC validation Denial of Service Category: contrib Module: bind Announced: 2012-08-06 Credits: Einar Lonn of IIS.se Affects: All supported versions of FreeBSD Corrected: 2012-08-06 21:33:11 UTC (RELENG_7, 7.4-STABLE) 2012-08-06 21:33:11 UTC (RELENG_7_4, 7.4-RELEASE-p10) 2012-07-24 19:04:35 UTC (RELENG_8, 8.3-STABLE) 2012-08-06 21:33:11 UTC (RELENG_8_3, 8.3-RELEASE-p4) 2012-08-06 21:33:11 UTC (RELENG_8_2, 8.2-RELEASE-p10) 2012-08-06 21:33:11 UTC (RELENG_8_1, 8.1-RELEASE-p13) 2012-07-24 22:32:03 UTC (RELENG_9, 9.1-PRERELEASE) 2012-08-06 21:33:11 UTC (RELENG_9_0, 9.0-RELEASE-p4) CVE Name: CVE-2012-3817 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. DNS Security Extensions (DNSSEC) provides data integrity, origin authentication and authenticated denial of existence to resolvers. II. Problem Description BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. III. IV. Workaround No workaround is available, but systems not running the BIND resolving name server with dnssec-validation enabled are not affected. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE, or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0 security branch dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to FreeBSD 7.4, 8.3, 8.2, 8.1 and 9.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-12:05/bind.patch # fetch http://security.FreeBSD.org/patches/SA-12:05/bind.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/lib/bind/dns # make obj && make depend && make && make install # cd /usr/src/usr.sbin/named # make obj && make depend && make && make install 3) To update your vulnerable system via a binary patch: Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE, or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 4) Install and run BIND from the Ports Collection after the correction date. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_7 src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.11 RELENG_7_4 src/UPDATING 1.507.2.36.2.12 src/sys/conf/newvers.sh 1.72.2.18.2.15 src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.8.2.1 RELENG_8 src/contrib/bind9/CHANGES 1.9.2.15 src/contrib/bind9/lib/dns/resolver.c 1.3.2.6 src/contrib/bind9/lib/dns/zone.c 1.6.2.10 src/contrib/bind9/lib/isc/random.c 1.2.2.4 src/contrib/bind9/version 1.9.2.15 RELENG_8_3 src/UPDATING 1.632.2.26.2.6 src/sys/conf/newvers.sh 1.83.2.15.2.8 src/contrib/bind9/lib/dns/resolver.c 1.6.2.7.2.1 RELENG_8_2 src/UPDATING 1.632.2.19.2.12 src/sys/conf/newvers.sh 1.83.2.12.2.15 src/contrib/bind9/lib/dns/resolver.c 1.6.2.4.2.1 RELENG_8_1 src/UPDATING 1.632.2.14.2.16 src/sys/conf/newvers.sh 1.83.2.10.2.17 src/contrib/bind9/lib/dns/resolver.c 1.6.2.3.2.1 RELENG_9 src/contrib/bind9/CHANGES 1.21.2.5 src/contrib/bind9/lib/dns/resolver.c 1.15.2.3 src/contrib/bind9/lib/dns/zone.c 1.7.2.3 src/contrib/bind9/version 1.21.2.5 RELENG_9_0 src/UPDATING 1.702.2.4.2.6 src/sys/conf/newvers.sh 1.95.2.4.2.8 src/contrib/bind9/lib/dns/resolver.c 1.15.4.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r239108 releng/7.4/ r239108 stable/8/ r238749 releng/8.3/ r239108 releng/8.2/ r239108 releng/8.1/ r239108 stable/9/ r238756 releng/9.0/ r239108 - ------------------------------------------------------------------------- VII. The verification of md5 checksums and GPG signatures is performed automatically for you. For the stable distribution (squeeze), this problem has been fixed in version 1:9.7.3.dfsg-1~squeeze6. For the testing distribution (wheezy), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 1:9.8.1.dfsg.P1-4.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2012:1123-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1123.html Issue date: 2012-07-31 CVE Names: CVE-2012-3817 ===================================================================== 1. Summary: Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. An uninitialized data structure use flaw was found in BIND when DNSSEC validation was enabled. (CVE-2012-3817) Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 842897 - CVE-2012-3817 bind: heavy DNSSEC validation load can cause assertion failure 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.2.src.rpm i386: bind-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm bind-sdb-9.3.6-20.P1.el5_8.2.i386.rpm bind-utils-9.3.6-20.P1.el5_8.2.i386.rpm x86_64: bind-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm bind-libs-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-sdb-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-utils-9.3.6-20.P1.el5_8.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.2.src.rpm i386: bind-chroot-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.i386.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.i386.rpm x86_64: bind-chroot-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-devel-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.2.src.rpm i386: bind-9.3.6-20.P1.el5_8.2.i386.rpm bind-chroot-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm bind-sdb-9.3.6-20.P1.el5_8.2.i386.rpm bind-utils-9.3.6-20.P1.el5_8.2.i386.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.i386.rpm ia64: bind-9.3.6-20.P1.el5_8.2.ia64.rpm bind-chroot-9.3.6-20.P1.el5_8.2.ia64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.ia64.rpm bind-devel-9.3.6-20.P1.el5_8.2.ia64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.ia64.rpm bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm bind-libs-9.3.6-20.P1.el5_8.2.ia64.rpm bind-sdb-9.3.6-20.P1.el5_8.2.ia64.rpm bind-utils-9.3.6-20.P1.el5_8.2.ia64.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.ia64.rpm ppc: bind-9.3.6-20.P1.el5_8.2.ppc.rpm bind-chroot-9.3.6-20.P1.el5_8.2.ppc.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.ppc.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.ppc64.rpm bind-devel-9.3.6-20.P1.el5_8.2.ppc.rpm bind-devel-9.3.6-20.P1.el5_8.2.ppc64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.ppc.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.ppc64.rpm bind-libs-9.3.6-20.P1.el5_8.2.ppc.rpm bind-libs-9.3.6-20.P1.el5_8.2.ppc64.rpm bind-sdb-9.3.6-20.P1.el5_8.2.ppc.rpm bind-utils-9.3.6-20.P1.el5_8.2.ppc.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.ppc.rpm s390x: bind-9.3.6-20.P1.el5_8.2.s390x.rpm bind-chroot-9.3.6-20.P1.el5_8.2.s390x.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.s390.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.s390x.rpm bind-devel-9.3.6-20.P1.el5_8.2.s390.rpm bind-devel-9.3.6-20.P1.el5_8.2.s390x.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.s390.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.s390x.rpm bind-libs-9.3.6-20.P1.el5_8.2.s390.rpm bind-libs-9.3.6-20.P1.el5_8.2.s390x.rpm bind-sdb-9.3.6-20.P1.el5_8.2.s390x.rpm bind-utils-9.3.6-20.P1.el5_8.2.s390x.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.s390x.rpm x86_64: bind-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-chroot-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-devel-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm bind-libs-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-sdb-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-utils-9.3.6-20.P1.el5_8.2.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm i386: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.i686.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm i386: bind-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.i686.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm i386: bind-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.i686.rpm ppc64: bind-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.ppc.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.ppc.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm s390x: bind-9.8.2-0.10.rc1.el6_3.2.s390x.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.s390x.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.s390.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.s390x.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.s390.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.s390x.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.s390x.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm i386: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.i686.rpm ppc64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.ppc.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.ppc.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.s390.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.s390x.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.s390.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.s390x.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm i386: bind-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.i686.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm i386: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.i686.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3817.html https://access.redhat.com/security/updates/classification/#important http://www.isc.org/software/bind/advisories/cve-2012-3817 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQF1jgXlSAg2UNWIIRAhfLAKC7IA3Vlbw8YTJSpY/DfKn7S81tIgCgq/b2 7PGAy2HFq2b2y+ASSTx67k0= =uM7c -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-1518-1 July 26, 2012 bind9 vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: Bind could be made to crash if it received specially crafted network traffic. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libdns81 1:9.8.1.dfsg.P1-4ubuntu0.2 Ubuntu 11.10: libdns69 1:9.7.3.dfsg-1ubuntu4.3 Ubuntu 11.04: libdns69 1:9.7.3.dfsg-1ubuntu2.5 Ubuntu 10.04 LTS: libdns64 1:9.7.0.dfsg.P1-1ubuntu0.6 In general, a standard system update will make all the necessary changes

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

input validation

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Einar Lonn

SOURCES

LAST UPDATE DATE

2025-12-22T20:16:49.151000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE