-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This security release addresses the issues described in CVE-2016-1285, CVE-2016-1286 and CVE-2016-2088.

Here are the BIND 9.10.3-P4 RPMs for CentOS 7.

Security Fixes

CVE-2016-1285: Testing by ISC has uncovered a defect in control channel input handling which can cause named to exit due to an assertion failure in sexpr.c or alist.c when a malformed packet is sent to named's control channel (the interface which allows named to be controlled using the 'rndc' server control utility).
CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c.
CVE-2016-2088: BIND 9.10 has preliminary support for DNS cookies (or source identity tokens), a proposed mechanism designed to allow lightweight transaction security between a querying party and a nameserver. An error in the BIND code implementing support for this optional feature permits a deliberately misconstructed packet containing multiple cookie options to cause named to terminate with an INSIST assertion failure in resolver.c if DNS cookie support is enabled in the server.  Only servers with DNS cookie support enabled at build time can be affected by this defect; in servers which do not have DNS cookie support selected any cookies encountered will be ignored as unknown option types.

The files are available in the file repository 9.10.3-P4.

Import GPG Key

rpm --import http://bkraft.fr/files/RPM%20stuff/RPM-GPG-KEY-benjaminkraft

File listing for 9.10.3-P4

http://bkraft.fr/files/RPM.el7/bind-9.10.3-4.el7.x86_64
[8.3M] | noarch
[8.2M] |--bind-9.10.3-4.el7.centos.src.rpm
[ 84K] `--bind-license-9.10.3-4.el7.centos.noarch.rpm
[ 14M] |x86_64
[1.8M] |--bind-9.10.3-4.el7.centos.x86_64.rpm
[ 85K] |--bind-chroot-9.10.3-4.el7.centos.x86_64.rpm
[8.4M] |--bind-debuginfo-9.10.3-4.el7.centos.x86_64.rpm
[159K] |--bind-devel-9.10.3-4.el7.centos.x86_64.rpm
[146K] |--bind-libs-9.10.3-4.el7.centos.x86_64.rpm
[1.0M] |--bind-libs-lite-9.10.3-4.el7.centos.x86_64.rpm
[358K] |--bind-lite-devel-9.10.3-4.el7.centos.x86_64.rpm
[315K] |--bind-pkcs11-9.10.3-4.el7.centos.x86_64.rpm
[103K] |--bind-pkcs11-devel-9.10.3-4.el7.centos.x86_64.rpm
[1006K] |--bind-pkcs11-libs-9.10.3-4.el7.centos.x86_64.rpm
[198K] |--bind-pkcs11-utils-9.10.3-4.el7.centos.x86_64.rpm
[371K] |--bind-sdb-9.10.3-4.el7.centos.x86_64.rpm
[ 85K] |--bind-sdb-chroot-9.10.3-4.el7.centos.x86_64.rpm
[396K] `--bind-utils-9.10.3-4.el7.centos.x86_64.rpm

Download everything

for i in noarch/bind-license-9.10.3-4.el7.noarch.rpm x86_64/bind-9.10.3-4.el7.x86_64.rpm x86_64/bind-chroot-9.10.3-4.el7.x86_64.rpm x86_64/bind-debuginfo-9.10.3-4.el7.x86_64.rpm x86_64/bind-devel-9.10.3-4.el7.x86_64.rpm x86_64/bind-libs-9.10.3-4.el7.x86_64.rpm x86_64/bind-libs-lite-9.10.3-4.el7.x86_64.rpm x86_64/bind-lite-devel-9.10.3-4.el7.x86_64.rpm x86_64/bind-pkcs11-9.10.3-4.el7.x86_64.rpm x86_64/bind-sdb-9.10.3-4.el7.x86_64.rpm x86_64/bind-utils-9.10.3-4.el7.x86_64.rpm;
do
	wget http://bkraft.fr/files/RPM.el7/bind-9.10.3-P4.el6.x86_64/$i
done
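
Importing the key and downloading the files only helps if the signatures are checked before installing. The following is an added example, not part of the original post: a shell helper that runs `rpm -K` on each downloaded file and accepts only packages whose signature was actually verified. The function names and the `rpm -K` output formats it matches are assumptions, stated in the comments.

```shell
#!/bin/sh
# Added example: gate installation on `rpm -K` (--checksig) results.
# Assumed output formats (not taken from the page):
#   rpm 4.11 (CentOS 7): "<file>: rsa sha1 (md5) pgp md5 OK"
#   newer rpm:           "<file>: digests signatures OK"
# An unsigned package still ends in "OK" because only digests were checked.

# classify_checksig LINE -> prints verified | unsigned | failed
classify_checksig() {
    result=${1#*: }                 # drop the "<file>: " prefix
    case "$result" in
        *"NOT OK"*) echo failed; return ;;  # bad digest/signature or missing key
        *OK) ;;                             # digests fine, now look for a signature
        *) echo failed; return ;;
    esac
    # Lower-case pgp/gpg (or "signatures") means a signature was verified
    # against a key in the rpm keyring; upper-case means it was not.
    for token in $result; do
        case "$token" in
            pgp|gpg|signatures) echo verified; return ;;
        esac
    done
    echo unsigned
}

# verify_rpms FILE... -> returns 0 only if every file has a verified signature
verify_rpms() {
    rc=0
    for f in "$@"; do
        line=$(LC_ALL=C rpm -K "$f" 2>&1 | head -n 1)
        state=$(classify_checksig "$line")
        printf '%-10s %s\n' "$state" "$f"
        [ "$state" = verified ] || rc=1
    done
    return $rc
}

# Typical use after the download loop, in the directory holding the files:
#   verify_rpms ./*.rpm && yum localinstall ./*.rpm
```

Both the key and the packages are fetched over http://, so `rpm -K` only proves the packages match whatever key was imported. Compare the imported key's fingerprint with one obtained through a separate channel before trusting the result.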

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----

Hint: To validate the signature, view the page source and copy the HTML between the BEGIN PGP SIGNED MESSAGE and END PGP SIGNATURE anchors.

Created on 2016-03-13
