-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Security release

Addresses CVE-2014-8500, CVE-2014-8680 and a GeoIP flaw. Here are the packages for CentOS.

Description (applies to 9.10.1-P1 and 9.9.6-P1)

A flaw in delegation handling could be exploited to put named
into an infinite loop, in which each lookup of a name server
triggered additional lookups of more name servers. This has
been addressed by placing limits on the number of levels of
recursion named will allow (default 7), and on the number
of queries that it will send before terminating a recursive
query (default 50). The recursion depth limit is configured
via the max-recursion-depth option, and the query limit via
the max-recursion-queries option. The flaw was discovered
by Florian Maury of ANSSI. For more information, see the
security advisory at https://kb.isc.org/article/AA-01216/.
[CVE-2014-8500] [RT #37580] (**)

Description (applies to 9.10.1-P1 only)

Two separate problems were identified in BIND’s GeoIP code
that could lead to an assertion failure. One was triggered
by use of both IPv4 and IPv6 address families, the other by
referencing a GeoIP database in named.conf which was not
installed. ISC would like to thank Felipe Ecker for his
help discovering these vulnerabilities. For more information,
see the security advisory at https://kb.isc.org/article/AA-01217/.
[CVE-2014-8680] [RT #37672] [RT #37679] (**)

A less serious security flaw was also found in GeoIP: changes
to the geoip-directory option in named.conf may be incomplete
when running rndc reconfig, rndc reload, or sending SIGHUP
to named. In theory, this could allow named to allow access
to unintended clients or serve wrong data based on geolocation
configuration. [RT #37720] (**)

The files are available in the file repository 9.10.1-P1, 9.9.6-P1.

Import GPG Key

rpm --import http://bkraft.fr/files/RPM%20stuff/RPM-GPG-KEY-benjaminkraft

File listing for 9.10.1-P1

http://bkraft.fr/files/RPM%20stuff/bind-9.10.1-P1.el6.x86_64
[  83]  noarch
	[8.1M]  bind-9.10.1-P1.el6.src.rpm
	[ 71K]  bind-license-9.10.1-P1.el6.noarch.rpm
[4.0K]  x86_64
	[2.6M]  bind-9.10.1-P1.el6.x86_64.rpm
	[ 70K]  bind-chroot-9.10.1-P1.el6.x86_64.rpm
	[4.9M]  bind-debuginfo-9.10.1-P1.el6.x86_64.rpm
	[441K]  bind-devel-9.10.1-P1.el6.x86_64.rpm
	[1.0M]  bind-libs-9.10.1-P1.el6.x86_64.rpm
	[ 69K]  bind-lite-devel-9.10.1-P1.el6.x86_64.rpm
	[ 86K]  bind-pkcs11-9.10.1-P1.el6.x86_64.rpm
	[340K]  bind-sdb-9.10.1-P1.el6.x86_64.rpm
	[212K]  bind-utils-9.10.1-P1.el6.x86_64.rpm

Download everything

for i in noarch/bind-license-9.10.1-P1.el6.noarch.rpm x86_64/bind-9.10.1-P1.el6.x86_64.rpm x86_64/bind-chroot-9.10.1-P1.el6.x86_64.rpm x86_64/bind-debuginfo-9.10.1-P1.el6.x86_64.rpm x86_64/bind-devel-9.10.1-P1.el6.x86_64.rpm x86_64/bind-libs-9.10.1-P1.el6.x86_64.rpm x86_64/bind-libs-lite-9.10.1-P1.el6.x86_64.rpm x86_64/bind-lite-devel-9.10.1-P1.el6.x86_64.rpm x86_64/bind-pkcs11-9.10.1-P1.el6.x86_64.rpm x86_64/bind-sdb-9.10.1-P1.el6.x86_64.rpm x86_64/bind-utils-9.10.1-P1.el6.x86_64.rpm;
do
	wget "http://bkraft.fr/files/RPM%20stuff/bind-9.10.1-P1.el6.x86_64/$i"
done

File listing for 9.9.6-P1

http://bkraft.fr/files/RPM%20stuff/bind-9.9.6-P1.el6.x86_64
[  81]  noarch
	[7.5M]  bind-9.9.6-P1.el6.src.rpm
	[ 71K]  bind-license-9.9.6-P1.el6.noarch.rpm
[4.0K]  x86_64
	[2.5M]  bind-9.9.6-P1.el6.x86_64.rpm
	[ 70K]  bind-chroot-9.9.6-P1.el6.x86_64.rpm
	[5.6M]  bind-debuginfo-9.9.6-P1.el6.x86_64.rpm
	[408K]  bind-devel-9.9.6-P1.el6.x86_64.rpm
	[970K]  bind-libs-9.9.6-P1.el6.x86_64.rpm
	[685K]  bind-libs-lite-9.9.6-P1.el6.x86_64.rpm
	[295K]  bind-lite-devel-9.9.6-P1.el6.x86_64.rpm
	[ 83K]  bind-pkcs11-9.9.6-P1.el6.x86_64.rpm
	[322K]  bind-sdb-9.9.6-P1.el6.x86_64.rpm
	[188K]  bind-utils-9.9.6-P1.el6.x86_64.rpm

Download everything

for i in noarch/bind-license-9.9.6-P1.el6.noarch.rpm x86_64/bind-9.9.6-P1.el6.x86_64.rpm x86_64/bind-chroot-9.9.6-P1.el6.x86_64.rpm x86_64/bind-debuginfo-9.9.6-P1.el6.x86_64.rpm x86_64/bind-devel-9.9.6-P1.el6.x86_64.rpm x86_64/bind-libs-9.9.6-P1.el6.x86_64.rpm x86_64/bind-libs-lite-9.9.6-P1.el6.x86_64.rpm x86_64/bind-lite-devel-9.9.6-P1.el6.x86_64.rpm x86_64/bind-pkcs11-9.9.6-P1.el6.x86_64.rpm x86_64/bind-sdb-9.9.6-P1.el6.x86_64.rpm x86_64/bind-utils-9.9.6-P1.el6.x86_64.rpm;
do
	wget "http://bkraft.fr/files/RPM%20stuff/bind-9.9.6-P1.el6.x86_64/$i"
done

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

-----END PGP SIGNATURE-----

Hint: To validate the signature, view the page source and copy the HTML code between the BEGIN PGP SIGNED MESSAGE and END PGP SIGNATURE anchors.
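
To go with the "Import GPG Key" and "Download everything" steps above, a filter for `rpm -K` (`rpm --checksig`) output that lists downloaded packages whose signature was not verified against an imported key. This is an added example, not part of the original post; it assumes the packages are signed with the imported key, and the sample lines and key ID are constructed.

```shell
# Added example: read `rpm -K` output on stdin, print each package that did
# NOT pass a signature check. A trailing "OK" alone is not proof: an unsigned
# package still reports e.g. "sha1 md5 OK" because only digests were checked.
unverified_rpms() {
    while IFS= read -r line; do
        pkg=${line%%:*}      # file name, up to the first colon
        result=${line#*:}    # everything after the first colon
        case "$result" in
            *"NOT OK"*)
                # bad signature, or signing key not imported
                echo "$pkg" ;;
            *" rsa "*|*" dsa "*|*" pgp "*|*" gpg "*|*" signatures "*)
                # a signature was checked; accept only if the line ends in OK
                case "$result" in
                    *OK) ;;
                    *) echo "$pkg" ;;
                esac ;;
            *)
                # digests only: the package carries no signature
                echo "$pkg" ;;
        esac
    done
}

# Constructed sample output (key ID is a placeholder), covering: verified,
# missing key, unsigned, and the newer "digests signatures OK" summary style.
sample_rpm_k_output() {
    cat <<'EOF'
bind-9.10.1-P1.el6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
bind-libs-9.10.1-P1.el6.x86_64.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#00000000)
bind-utils-9.10.1-P1.el6.x86_64.rpm: sha1 md5 OK
bind-chroot-9.10.1-P1.el6.x86_64.rpm: digests signatures OK
EOF
}

# Real use, in the download directory:  rpm -K ./*.rpm | unverified_rpms
sample_rpm_k_output | unverified_rpms
```

Install only when the filter prints nothing for the files you downloaded.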

Created on 2014-12-29

Replacement notice

This package has been replaced by a new version of the software.

Refer to Bind 9.10.1-P2, Bind 9.9.6-P2 for CentOS 6.
