-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Security release

Addresses CVE-2015-5986 and CVE-2015-5722 - here are the packages for CentOS

Summary of the security fixes:

CVE: CVE-2015-5986

Description:
An incorrect boundary check in openpgpkey_61.c can cause named to terminate due to a REQUIRE assertion failure.  This defect can be deliberately exploited by an attacker who can provide a maliciously constructed response in answer to a query.

Impact:
A server which encounters this error will terminate due to a REQUIRE assertion failure, resulting in denial of service to clients. 

Recursive servers are at greatest risk from this defect but some circumstances may exist in which the attack can be successfully exploited against an authoritative server.  Servers should be upgraded to a fixed version.
 
CVE: CVE-2015-5722

Description:
Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c.  It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from a zone containing a deliberately malformed key.

Impact:
Recursive servers are at greatest risk but an authoritative server could be affected if an attacker controls a zone the server must query against to perform its zone service.

Servers which are affected may terminate with an assertion failure, causing denial of service to all clients.

The files are available in the file repository 9.10.2-P4, 9.9.7-P3.

Import GPG Key

rpm --import http://bkraft.fr/files/RPM%20stuff/RPM-GPG-KEY-benjaminkraft

File listing for 9.10.2-P4

http://bkraft.fr/files/RPM%20stuff/bind-9.10.2-P4.el6.x86_64
[  83]  noarch
	[8.2M]  bind-9.10.2-P4.el6.src.rpm
	[ 71K]  bind-license-9.10.2-P4.el6.noarch.rpm
[4.0K]  x86_64
	[2.7M]  bind-9.10.2-P4.el6.x86_64.rpm
	[ 70K]  bind-chroot-9.10.2-P4.el6.x86_64.rpm
	[4.9M]  bind-debuginfo-9.10.2-P4.el6.x86_64.rpm
	[442K]  bind-devel-9.10.2-P4.el6.x86_64.rpm
	[1.0M]  bind-libs-9.10.2-P4.el6.x86_64.rpm
	[ 69K]  bind-lite-devel-9.10.2-P4.el6.x86_64.rpm
	[ 86K]  bind-pkcs11-9.10.2-P4.el6.x86_64.rpm
	[341K]  bind-sdb-9.10.2-P4.el6.x86_64.rpm
	[212K]  bind-utils-9.10.2-P4.el6.x86_64.rpm

Download everything

for i in noarch/bind-license-9.10.2-P4.el6.noarch.rpm x86_64/bind-9.10.2-P4.el6.x86_64.rpm x86_64/bind-chroot-9.10.2-P4.el6.x86_64.rpm x86_64/bind-debuginfo-9.10.2-P4.el6.x86_64.rpm x86_64/bind-devel-9.10.2-P4.el6.x86_64.rpm x86_64/bind-libs-9.10.2-P4.el6.x86_64.rpm x86_64/bind-libs-lite-9.10.2-P4.el6.x86_64.rpm x86_64/bind-lite-devel-9.10.2-P4.el6.x86_64.rpm x86_64/bind-pkcs11-9.10.2-P4.el6.x86_64.rpm x86_64/bind-sdb-9.10.2-P4.el6.x86_64.rpm x86_64/bind-utils-9.10.2-P4.el6.x86_64.rpm;
do
	wget http://bkraft.fr/files/RPM%20stuff/bind-9.10.2-P4.el6.x86_64/$i
done

File listing for 9.9.7-P3

http://bkraft.fr/files/RPM%20stuff/bind-9.9.7-P3.el6.x86_64
[  81]  noarch
	[7.7M]  bind-9.9.7-P3.el6.src.rpm
	[ 71K]  bind-license-9.9.7-P3.el6.noarch.rpm
[4.0K]  x86_64
	[2.5M]  bind-9.9.7-P3.el6.x86_64.rpm
	[ 70K]  bind-chroot-9.9.7-P3.el6.x86_64.rpm
	[5.6M]  bind-debuginfo-9.9.7-P3.el6.x86_64.rpm
	[408K]  bind-devel-9.9.7-P3.el6.x86_64.rpm
	[973K]  bind-libs-9.9.7-P3.el6.x86_64.rpm
	[687K]  bind-libs-lite-9.9.7-P3.el6.x86_64.rpm
	[295K]  bind-lite-devel-9.9.7-P3.el6.x86_64.rpm
	[ 83K]  bind-pkcs11-9.9.7-P3.el6.x86_64.rpm
	[323K]  bind-sdb-9.9.7-P3.el6.x86_64.rpm
	[188K]  bind-utils-9.9.7-P3.el6.x86_64.rpm

Download everything

for i in noarch/bind-license-9.9.7-P3.el6.noarch.rpm x86_64/bind-9.9.7-P3.el6.x86_64.rpm x86_64/bind-chroot-9.9.7-P3.el6.x86_64.rpm x86_64/bind-debuginfo-9.9.7-P3.el6.x86_64.rpm x86_64/bind-devel-9.9.7-P3.el6.x86_64.rpm x86_64/bind-libs-9.9.7-P3.el6.x86_64.rpm x86_64/bind-libs-lite-9.9.7-P3.el6.x86_64.rpm x86_64/bind-lite-devel-9.9.7-P3.el6.x86_64.rpm x86_64/bind-pkcs11-9.9.7-P3.el6.x86_64.rpm x86_64/bind-sdb-9.9.7-P3.el6.x86_64.rpm x86_64/bind-utils-9.9.7-P3.el6.x86_64.rpm;
do
	wget http://bkraft.fr/files/RPM%20stuff/bind-9.9.7-P3.el6.x86_64/$i
done

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

-----END PGP SIGNATURE-----

Hint: To validate the signature, view the page source and copy the HTML between the BEGIN PGP SIGNED MESSAGE and END PGP SIGNATURE markers.

Created on 2015-09-03
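
A check to run between the download loops above and installation, as an added example that is not part of the original announcement: `rpm -K` also prints OK for a package that carries no signature at all, so only a line with a lower-case signature tag is treated as verified here. The function names and sample lines are constructed for this example, and the output format is assumed to be that of rpm on CentOS 6.

```shell
#!/bin/sh
# Added example, not part of the original announcement.
# Classify one line of `rpm -K` (rpm --checksig) output:
#   signed-ok  a lower-case signature tag is present and the line ends in OK
#   unsigned   digests match but no signature was checked (origin not established)
#   bad        NOT OK, missing key (rpm upper-cases the tag), empty or unknown output
classify_checksig() {
    local line result
    line=$1
    result=${line#*: }                      # strip the "<file>: " prefix
    case $result in
        *"NOT OK"*) echo bad; return 0 ;;
        *OK)        ;;                      # continue to the signature-tag check
        *)          echo bad; return 0 ;;
    esac
    case " $result " in
        *" pgp "*|*" gpg "*|*" rsa "*|*" dsa "*|*" signatures "*) echo signed-ok ;;
        *) echo unsigned ;;
    esac
}

# Check every file given; returns non-zero if any is unsigned or fails.
verify_rpms() {
    local f out status
    status=0
    for f in "$@"; do
        out=$(LC_ALL=C rpm -K "$f" 2>/dev/null) || true
        case $(classify_checksig "$out") in
            signed-ok) echo "OK       $f" ;;
            unsigned)  echo "UNSIGNED $f"; status=1 ;;
            *)         echo "BAD      $f"; status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample lines (assumed CentOS 6 format; the key ID is a placeholder).
while IFS= read -r sample; do
    printf '%-10s %s\n' "$(classify_checksig "$sample")" "$sample"
done <<'EOF'
bind-9.10.2-P4.el6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
bind-9.10.2-P4.el6.x86_64.rpm: sha1 md5 OK
bind-9.10.2-P4.el6.x86_64.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#00000000)
EOF

# In the download directory: verify_rpms ./*.rpm && yum localinstall ./*.rpm
```

Both the key and the packages on this page are fetched over plain HTTP, so the signature check is only as trustworthy as the imported key; confirm the key through a separate channel before relying on it.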

Replacement notice

This package has been replaced by a new version of the software.

refer to Bind 9.10.2-P4, Bind 9.9.7-P3 for CentOS 6
