-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Freshly built because of CVE-2012-3868 and CVE-2012-3817 !

For those searching bind 9.9.1-P2 and 9.8.3-P2 for CentOS, here it is.

The 24th of July, the ISC team released , which is a security update due to a critical problem (taken from the CVEs):

Description CVE-2012-3868: BIND 9 tracks incoming queries using a structure called “ns_client”. When a query has been answered and the ns_client structure is no longer needed, it is stored on a queue of inactive ns_clients. When a new ns_client is needed to service a new query, the queue is checked to see if any inactive ns_clients are available before a new one is allocated; this speeds up the system by avoiding unnecessary memory allocations and de-allocations. However, when the queue is empty, and one thread inserts an ns_client into it while another thread attempts to remove it, a race bug could cause the ns_client to be lost; since the queue would appear empty in that case, a new ns_client would be allocated from memory. This condition occurred very infrequently with UDP queries but much more frequently under high TCP query loads; over time, the number of allocated but misplaced ns_client objects could grow large enough to affect system performance, and could trigger an automatic shutdown of the named process on systems with an “OOM killer” (out of memory killer) mechanism.


Description CVE-2012-3817: BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries could be used before it was fully initialized, triggering an assertion failure. This bug cannot be encountered unless your server is doing DNSSEC validation. Please Note: Versions of BIND 9.4 and 9.5 are also affected, but these branches are beyond their “end of life” (EOL) and no longer receive testing or security fixes from ISC. For current information on which versions are actively supported, please see http://www.isc.org/software/bind/versions

The files are available in the file repository 9.9.1-P2, 9.8.3-P2.

Import GPG Key

rpm --import http://bkraft.fr/files/RPM%20stuff/RPM-GPG-KEY-benjaminkraft

File listing for 9.9.1-P2

http://bkraft.fr/files/RPM%20stuff/bind-9.9.1-P2.el6.x86_64/
|-- [ 512]  noarch
|   |-- [7.0M]  bind-9.9.1-P2.el6.src.rpm
|   `-- [ 71K]  bind-license-9.9.1-P2.el6.noarch.rpm
 `-- [ 512]  x86_64
    |-- [2.3M]  bind-9.9.1-P2.el6.x86_64.rpm
    |-- [ 70K]  bind-chroot-9.9.1-P2.el6.x86_64.rpm
    |-- [5.1M]  bind-debuginfo-9.9.1-P2.el6.x86_64.rpm
    |-- [374K]  bind-devel-9.9.1-P2.el6.x86_64.rpm
    |-- [893K]  bind-libs-9.9.1-P2.el6.x86_64.rpm
    |-- [632K]  bind-libs-lite-9.9.1-P2.el6.x86_64.rpm
    |-- [290K]  bind-lite-devel-9.9.1-P2.el6.x86_64.rpm
    |-- [ 83K]  bind-pkcs11-9.9.1-P2.el6.x86_64.rpm
    |-- [305K]  bind-sdb-9.9.1-P2.el6.x86_64.rpm
    `-- [182K]  bind-utils-9.9.1-P2.el6.x86_64.rpm

Download everything

for i in noarch/bind-license-9.9.1-P2.el6.noarch.rpm x86_64/bind-9.9.1-P2.el6.x86_64.rpm x86_64/bind-chroot-9.9.1-P2.el6.x86_64.rpm x86_64/bind-debuginfo-9.9.1-P2.el6.x86_64.rpm x86_64/bind-devel-9.9.1-P2.el6.x86_64.rpm x86_64/bind-libs-9.9.1-P2.el6.x86_64.rpm x86_64/bind-libs-lite-9.9.1-P2.el6.x86_64.rpm x86_64/bind-lite-devel-9.9.1-P2.el6.x86_64.rpm x86_64/bind-pkcs11-9.9.1-P2.el6.x86_64.rpm x86_64/bind-sdb-9.9.1-P2.el6.x86_64.rpm x86_64/bind-utils-9.9.1-P2.el6.x86_64.rpm;
do
	wget http://bkraft.fr/files/RPM%20stuff/bind-9.9.1-P2.el6.x86_64/$i
done

File listing for 9.8.3-P2

http://bkraft.fr/files/RPM%20stuff/bind-9.8.3-P2.el6.x86_64/
|-- [ 512]  noarch
|   |-- [6.9M]  bind-9.8.3-P2.el6.src.rpm
|   `-- [ 71K]  bind-license-9.8.3-P2.el6.noarch.rpm
 `-- [ 512]  x86_64
    |-- [528K]  bind-9.8.3-P2.el6.x86_64.rpm
    |-- [ 70K]  bind-chroot-9.8.3-P2.el6.x86_64.rpm
    |-- [5.0M]  bind-debuginfo-9.8.3-P2.el6.x86_64.rpm
    |-- [370K]  bind-devel-9.8.3-P2.el6.x86_64.rpm
    |-- [870K]  bind-libs-9.8.3-P2.el6.x86_64.rpm
    |-- [627K]  bind-libs-lite-9.8.3-P2.el6.x86_64.rpm
    |-- [288K]  bind-lite-devel-9.8.3-P2.el6.x86_64.rpm
    |-- [ 83K]  bind-pkcs11-9.8.3-P2.el6.x86_64.rpm
    |-- [306K]  bind-sdb-9.8.3-P2.el6.x86_64.rpm
    `-- [181K]  bind-utils-9.8.3-P2.el6.x86_64.rpm

Download everything

for i in noarch/bind-license-9.8.3-P2.el6.noarch.rpm x86_64/bind-9.8.3-P2.el6.x86_64.rpm x86_64/bind-chroot-9.8.3-P2.el6.x86_64.rpm x86_64/bind-debuginfo-9.8.3-P2.el6.x86_64.rpm x86_64/bind-devel-9.8.3-P2.el6.x86_64.rpm x86_64/bind-libs-9.8.3-P2.el6.x86_64.rpm x86_64/bind-libs-lite-9.8.3-P2.el6.x86_64.rpm x86_64/bind-lite-devel-9.8.3-P2.el6.x86_64.rpm x86_64/bind-pkcs11-9.8.3-P2.el6.x86_64.rpm x86_64/bind-sdb-9.8.3-P2.el6.x86_64.rpm x86_64/bind-utils-9.8.3-P2.el6.x86_64.rpm;
do
	wget http://bkraft.fr/files/RPM%20stuff/bind-9.8.3-P2.el6.x86_64/$i
done

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJW5eRQAAoJEBeKS2x6xuR7SI0QAIOg/j7OBGnbLalrGVpBVJlW
yovFOzpVlricde43tO0NXzmWxia7WJXsN48dmUKSoM4cq+XZoZtc8LRti4Frp68o
J0G4q143jw2oON2+yRsMRvTwcMwIJoNIQm1A3QrgxEtoiUdS7JoIcZ+tlz/Yg3zD
yNES37QtmYj6gV4gb0mbovsyekZrfuwFJTZ2syZIMuT7T3XXzSpI43ke1TU/GJJb
Ux1cDKO8ne39uuWAcIb75tVxwsorpH7hScpiQkpWxFMzW5XGk6ycrygs0FC5a1n4
c5fVfFV+nUCEfQVxQHnH5SNJUKvrQG3x/4++ejwY8j8I9tbkuzLrlBkU2y/UTPdv
ZBhc7xTA5sVmMq9EA9CXCvem1yNJXgGZRZ0/QxUQT8yGaXwQJsWNdOE19cSu8Ja4
qeTW0KKkdRE+vyvBdYbFcf5730Wzo/4Fc6olxw4PhZBtkVXzqD+HUXuWbiyFCWPZ
loF2ZJu7TK2z//2k2/QpyHdakXrVADEPVZ/iJNbpj4pvSwqjk/ohQ7t3pll70FaR
srTJILbHzQwUxkm5XCBP65Uxbok9g/7vqIME2cWJBKTJlavnoDwUcV7jsZyMm0k/
DYj6bX9uIHSFyikdrrgFECIlDy9cglTJrtbodp1u3vJkeGLWsB4+pt0h9aU7IbO2
Y9mu0SLV4i2rfO13U4uO
=O5lN
-----END PGP SIGNATURE-----

Hint: To validate signature, please view page source and copy html code between BEGIN PGP Signed message and END PGP Signature anchors.

Created the 2012-07-24

Share this


Replacement notice

×

This package has been replaced by a new version of the software.

refer to Bind 9.9.1-P3 and 9.8.3-P3 for CentOS 6

Resources

10 last articles

blog comments powered by Disqus