-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Security release addresses the security issues described in CVE-2016-1285, CVE-2016-1286 and CVE-2016-2088.

Here are the packets for CentOS

Security Fixes

CVE-2016-1285: Testing by ISC has uncovered a defect in control channel input handling which can cause named to exit due to an assertion failure in sexpr.c or alist.c when a malformed packet is sent to named's control channel (the interface which allows named to be controlled using the 'rndc" server control utility).
CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c.
CVE-2016-2088: BIND 9.10 has preliminary support for DNS cookies (or source identity tokens), a proposed mechanism designed to allow lightweight transaction security between a querying party and a nameserver. An error in the BIND code implementing support for this optional feature permits a deliberately misconstructed packet containing multiple cookie options to cause named to terminate with an INSIST assertion failure in resolver.c if DNS cookie support is enabled in the server.  Only servers with DNS cookie support enabled at build time can be affected by this defect; in servers which do not have DNS cookie support selected any cookies encountered will be ignored as unknown option types.

The files are available in the file repository 9.10.3-P4, 9.9.8-P4.

Import GPG Key

rpm --import http://bkraft.fr/files/RPM%20stuff/RPM-GPG-KEY-benjaminkraft

File listing for 9.10.3-P4

http://bkraft.fr/files/RPM%20stuff/bind-9.10.3-2.el6.x86_64
[4.0K]  noarch
[8.0M]  bind-9.10.3-2.el6.src.rpm
[ 71K]  bind-license-9.10.3-2.el6.noarch.rpm
[4.0K]  x86_64
     [2.6M]  bind-9.10.3-2.el6.x86_64.rpm
     [ 70K]  bind-chroot-9.10.3-2.el6.x86_64.rpm
     [4.8M]  bind-debuginfo-9.10.3-2.el6.x86_64.rpm
     [439K]  bind-devel-9.10.3-2.el6.x86_64.rpm
     [1.1M]  bind-libs-9.10.3-2.el6.x86_64.rpm
     [ 69K]  bind-lite-devel-9.10.3-2.el6.x86_64.rpm
     [ 86K]  bind-pkcs11-9.10.3-2.el6.x86_64.rpm
     [337K]  bind-sdb-9.10.3-2.el6.x86_64.rpm
     [211K]  bind-utils-9.10.3-2.el6.x86_64.rpm

Download everything

for i in noarch/bind-license-9.10.3-2.el6.noarch.rpm x86_64/bind-9.10.3-2.el6.x86_64.rpm x86_64/bind-chroot-9.10.3-2.el6.x86_64.rpm x86_64/bind-debuginfo-9.10.3-2.el6.x86_64.rpm x86_64/bind-devel-9.10.3-2.el6.x86_64.rpm x86_64/bind-libs-9.10.3-2.el6.x86_64.rpm x86_64/bind-libs-lite-9.10.3-2.el6.x86_64.rpm x86_64/bind-lite-devel-9.10.3-2.el6.x86_64.rpm x86_64/bind-pkcs11-9.10.3-2.el6.x86_64.rpm x86_64/bind-sdb-9.10.3-2.el6.x86_64.rpm x86_64/bind-utils-9.10.3-2.el6.x86_64.rpm;
do
	wget http://bkraft.fr/files/RPM%20stuff/bind-9.10.3-P4.el6.x86_64/$i
done

File listing for 9.9.8-P4

http://bkraft.fr/files/RPM%20stuff/bind-9.9.8-2.el6.x86_64
[4.0K]  noarch
[8.0M]  bind-9.9.8-2.el6.src.rpm
[ 71K]  bind-license-9.9.8-2.el6.noarch.rpm
[4.0K]  x86_64
     [2.6M]  bind-9.9.8-2.el6.x86_64.rpm
     [ 70K]  bind-chroot-9.9.8-2.el6.x86_64.rpm
     [4.8M]  bind-debuginfo-9.9.8-2.el6.x86_64.rpm
     [439K]  bind-devel-9.9.8-2.el6.x86_64.rpm
     [1.1M]  bind-libs-9.9.8-2.el6.x86_64.rpm
     [ 69K]  bind-lite-devel-9.9.8-2.el6.x86_64.rpm
     [ 86K]  bind-pkcs11-9.9.8-2.el6.x86_64.rpm
     [337K]  bind-sdb-9.9.8-2.el6.x86_64.rpm
     [211K]  bind-utils-9.9.8-2.el6.x86_64.rpm

Download everything

for i in noarch/bind-license-9.9.8-2.el6.noarch.rpm x86_64/bind-9.9.8-2.el6.x86_64.rpm x86_64/bind-chroot-9.9.8-2.el6.x86_64.rpm x86_64/bind-debuginfo-9.9.8-2.el6.x86_64.rpm x86_64/bind-devel-9.9.8-2.el6.x86_64.rpm x86_64/bind-libs-9.9.8-2.el6.x86_64.rpm x86_64/bind-libs-lite-9.9.8-2.el6.x86_64.rpm x86_64/bind-lite-devel-9.9.8-2.el6.x86_64.rpm x86_64/bind-pkcs11-9.9.8-2.el6.x86_64.rpm x86_64/bind-sdb-9.9.8-2.el6.x86_64.rpm x86_64/bind-utils-9.9.8-2.el6.x86_64.rpm;
do
	wget http://bkraft.fr/files/RPM%20stuff/bind-9.9.8-P4.el6.x86_64/$i
done

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJW5eRQAAoJEBeKS2x6xuR73rQP/AhqUNGjB9vgBA4ptslp9U14
Lx0IPZZsk0LdyUppbEjKGhgVeHRSbtHuRN9qL7mJJB3PJ3yLspLTw2UNgkjmLnCQ
n05reC8Kfep58kh3wlMrjl8AMMFeSgPCqXsGG1kbgP0zgRYDf0nqf0KRfhX4FH9X
Wc78xwmBlT+Ep3NidS2y3d2uqkkoLo9VUkF6mIJZ/qEC7KyWLM3s7JYps5VADvqj
Ri1or9lijAIk72KFkM4dxyOmu0TagEirf0lwbxJoyOswAZZ5YolSlnk7aTOTvXb7
mgXRW9EVvmwt5YcZ73/J1Nh2Ny0DydftKK1H1ri6qoVQ4y+agMNAWg+f8Vf9ckwo
iHKxPVR/zhHJe7wN+ov0aryy4AwAX1CZ0HMNhpwNFK9FIBy0lhE/6N7X8atvOmpY
kN8c7nUoMw5tCBmZND/hMZMG+h4b3kv7vCRBTqVmYCCTvjotjuDW59JgEJ8S7Lnz
qpnxQdW7ekoG04J1KJS6wJxBKA9l1WP5lSM5NHFiJBUjjUhFJeb86NBz1XLKqXFx
YWyqcK3QiAjC1ZJCP1IYNutfoxuvHHvOAQltoKoYBo+Nv+iak/bbZtnF+GaBBCWP
peOR/C7VmRaH22SkSBpS191Ch1EaimFBkUD1y4eX0ZXiKddWvT50V9dlkAtbAhNs
nTzUVw7QsX1DOv9LxUVM
=0XnU
-----END PGP SIGNATURE-----

Hint: To validate signature, please view page source and copy html code between BEGIN PGP Signed message and END PGP Signature anchors.

Created the 2016-03-10

Share this


Resources

10 last articles

blog comments powered by Disqus