SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
(CentOS Issues Fix) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1036912
SecurityTracker URL:  http://securitytracker.com/id/1036912
CVE Reference:   CVE-2016-2776   (Links to External Site)
Date:  Sep 28 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.0.x - 9.8.x, 9.9.0 - 9.9.9-P2, 9.9.3-S1 - 9.9.9-S3, 9.10.0 - 9.10.4-P2, 9.11.0a1 - 9.11.0rc1
Description:   A vulnerability was reported in BIND. A remote user can cause the target service to crash.

A remote user can send a specially crafted query to trigger an error in 'buffer.c' in constructing a response to the query and cause the target service to crash.

Packets with a source address that does not match the 'allow-query' statement can also trigger this flaw.

Impact:   A remote user can cause the target service to crash.
Solution:   CentOS has issued a fix.

i386:
e550ae2cb13235b430a9a7b4dc6562a5b20acd834b9cbc6a6333133b7e6a8c2c bind-9.3.6-25.P1.el5_11.9.i386.rpm
23815d15dfe4fe9ae7e6a269ee87d455eb6f80d87e58482572833bfe06b524a2 bind-chroot-9.3.6-25.P1.el5_11.9.i386.rpm
e86f5ff45274b5e00681d48006b6c3a758b6444ef744350c904ef78ed738ac90 bind-devel-9.3.6-25.P1.el5_11.9.i386.rpm
644cf10c863dabd4cf7c13d6f9471f8fd43825db80ee150c398c66c07894b063 bind-libbind-devel-9.3.6-25.P1.el5_11.9.i386.rpm
a313e034274946fe697ab280c358ed9cadff849617b7e87c3f1a3d4e6ded7683 bind-libs-9.3.6-25.P1.el5_11.9.i386.rpm
243874b3f62f00cb23d922a250fe048686c60a30773781b7c0dca0f201fdc5fa bind-sdb-9.3.6-25.P1.el5_11.9.i386.rpm
7a369b41e57f3487620f21c9e069890d9c5eedc751df00a3efee9a8bdc08f0f6 bind-utils-9.3.6-25.P1.el5_11.9.i386.rpm
689bfd6c9dfca9b7d35afc26aea528803aa09fd593a4406215e1ea112a574677 caching-nameserver-9.3.6-25.P1.el5_11.9.i386.rpm

x86_64:
76cfe754b9b703e026cff04e2d9a27e98937bec5e4fa3197ecf28b97e14f1931 bind-9.3.6-25.P1.el5_11.9.x86_64.rpm
5169f40e97607df07128afb36e26db1b01b4326a54cc6dab399e16119b8d2be8 bind-chroot-9.3.6-25.P1.el5_11.9.x86_64.rpm
e86f5ff45274b5e00681d48006b6c3a758b6444ef744350c904ef78ed738ac90 bind-devel-9.3.6-25.P1.el5_11.9.i386.rpm
0d24851cf74e73b16c25983a8f6e31067fbdf30ab7840d0bc65e8f56869f6161 bind-devel-9.3.6-25.P1.el5_11.9.x86_64.rpm
644cf10c863dabd4cf7c13d6f9471f8fd43825db80ee150c398c66c07894b063 bind-libbind-devel-9.3.6-25.P1.el5_11.9.i386.rpm
6774b4b930ed059a8ed07cd11caca6c7ea1e1fb250664c9cd3a6433de6efefda bind-libbind-devel-9.3.6-25.P1.el5_11.9.x86_64.rpm
a313e034274946fe697ab280c358ed9cadff849617b7e87c3f1a3d4e6ded7683 bind-libs-9.3.6-25.P1.el5_11.9.i386.rpm
f09f915841dbc979833c73401df945d15b8d48aadafca8757b2d6292f780e2a8 bind-libs-9.3.6-25.P1.el5_11.9.x86_64.rpm
a388b995a846efa464f5e9fe5607e1e16fb09c8d5a870d76e90b4653d2ae53ae bind-sdb-9.3.6-25.P1.el5_11.9.x86_64.rpm
ad34ab78db96ba34e48745aa8da373cd76057d53c6c470f981dfce8e3e154d5e bind-utils-9.3.6-25.P1.el5_11.9.x86_64.rpm
b58dc378f5587a0845016ce2d0dd26ccca8e853583633a8e260c656b26fe8134 caching-nameserver-9.3.6-25.P1.el5_11.9.x86_64.rpm

Source:
490f356d0bfbc3c5d2c1cd5a151f37b2cf333a76850ef0b18cf2d074a26297d3 bind-9.3.6-25.P1.el5_11.9.src.rpm

i386:
14b0bbafb75f62a4036e01a61b1e3a10ba22292353235aacafd4d46f710f0b83 bind-9.8.2-0.47.rc1.el6_8.1.i686.rpm
e77a8b8d50175994c3b5eaf6cf86029fe3692068efca81b883d75a42baf287cc bind-chroot-9.8.2-0.47.rc1.el6_8.1.i686.rpm
0422a0d43fa1f587beb767dc1345b181dc080a42725a5341e097b2363139295b bind-devel-9.8.2-0.47.rc1.el6_8.1.i686.rpm
e92c9c46a02276482ec13498abc4145063a0e7a5dc1e8c93c7e05bdb8ce28e01 bind-libs-9.8.2-0.47.rc1.el6_8.1.i686.rpm
a3526ee41258d489e9fe53e4c45eb9827b803c6ce47b017969ab03b2628bb599 bind-sdb-9.8.2-0.47.rc1.el6_8.1.i686.rpm
57133039c0c78f6bbba7a153847769a22e46ea4866c6240ff5b039a708483ebb bind-utils-9.8.2-0.47.rc1.el6_8.1.i686.rpm

x86_64:
711754804cf8a23a41122eb331f7b0a5a8253a5bf4bc223dcc2a9afdb7fe75bf bind-9.8.2-0.47.rc1.el6_8.1.x86_64.rpm
6fa57348ba0d36dfca33d6a9d0a8c4a93ef1fccc3ce227c08e41d93e76e2485e bind-chroot-9.8.2-0.47.rc1.el6_8.1.x86_64.rpm
0422a0d43fa1f587beb767dc1345b181dc080a42725a5341e097b2363139295b bind-devel-9.8.2-0.47.rc1.el6_8.1.i686.rpm
9f3f2d56158a7cfd188b2a45f688f0884c69dd0d39f78406a140834bdde1e263 bind-devel-9.8.2-0.47.rc1.el6_8.1.x86_64.rpm
e92c9c46a02276482ec13498abc4145063a0e7a5dc1e8c93c7e05bdb8ce28e01 bind-libs-9.8.2-0.47.rc1.el6_8.1.i686.rpm
db56544d6df672a95f507e638bf7f3d0edc406b633114888c9e8da3aecf8f266 bind-libs-9.8.2-0.47.rc1.el6_8.1.x86_64.rpm
8b5f974fae2564829542b7e4f1e380f5434065aba0ce009c52ad6807eff9d487 bind-sdb-9.8.2-0.47.rc1.el6_8.1.x86_64.rpm
a08bc5bdfde32c88c4956ae05a1dc9700e5736cddf36c700f064f8fbd8db2b40 bind-utils-9.8.2-0.47.rc1.el6_8.1.x86_64.rpm

Source:
9ec80ba888e41898c3e50e68d522f424257ea7aaf343f15aa0a66dc20b7e0147 bind-9.8.2-0.47.rc1.el6_8.1.src.rpm

x86_64:
83413bca7e41a7798cef6763d5e44fdcef18a5b54f639f3261920485a44b717c bind-9.9.4-29.el7_2.4.x86_64.rpm
1a76c217e5caf3579dc798ba0107dd6bb308807a1b809a833eb846ba8cde651f bind-chroot-9.9.4-29.el7_2.4.x86_64.rpm
03a2653e14631a1e3d7ae0d4898bfd086abed88a992c1fbc8cd3c3bd2627900d bind-devel-9.9.4-29.el7_2.4.i686.rpm
51315ea441c94782b888783af0aab77673a6fbbf6c745bd856290dbea1ff6a1d bind-devel-9.9.4-29.el7_2.4.x86_64.rpm
07cb7aae10e7fe0864af0992ea878db2eba0cbe95ae7389d23a0f5d4e1f44af0 bind-libs-9.9.4-29.el7_2.4.i686.rpm
d0fa0c805d7655e469d61d762b23e1d67a80ecb083fc7062be4206972acd7fa8 bind-libs-9.9.4-29.el7_2.4.x86_64.rpm
525f06579cbf5ac12656eb8ab9c9db71a6c752ec4a1b587e5f3eec577ed8b904 bind-libs-lite-9.9.4-29.el7_2.4.i686.rpm
e505c3b156aed9abf7f9e2067c125fa7927d93cb7eb3934d20b50687203f691b bind-libs-lite-9.9.4-29.el7_2.4.x86_64.rpm
52ec808a834d678648d07c367c35a88145dc49f7ab0cbf8aec3df30fc86037cd bind-license-9.9.4-29.el7_2.4.noarch.rpm
43e172f0dff8fe241db7f10d9f889466a8c91a3fe8f5adf0575187599b57003e bind-lite-devel-9.9.4-29.el7_2.4.i686.rpm
ab56f53fd6ea201e9fd53ee947f24e9e2c0bf584d45c1df525ba3f004dbb367b bind-lite-devel-9.9.4-29.el7_2.4.x86_64.rpm
efc4bd97d4443ba537ee87523c2758116114b222e98a181dd26576e6b0acface bind-pkcs11-9.9.4-29.el7_2.4.x86_64.rpm
9492c47e8f8cf3899f94933846ace3b66ba608875fec46f23ee1ed877cb1f700 bind-pkcs11-devel-9.9.4-29.el7_2.4.i686.rpm
4e1315ab96b87611dcb1223fa5372356ce0388386cb717b133099291eef894b5 bind-pkcs11-devel-9.9.4-29.el7_2.4.x86_64.rpm
40c70a514325494f63d2e3dda7579b04bf0c4f233d9e2a114af8893e86459a0f bind-pkcs11-libs-9.9.4-29.el7_2.4.i686.rpm
ae9ed733848cbb815428b5f658e267c6ea5d917234708dc72c5378c976e426a2 bind-pkcs11-libs-9.9.4-29.el7_2.4.x86_64.rpm
03cb753af325022f0fd74b53cae5269271afd3e9d72955ce0d625ed3a637046a bind-pkcs11-utils-9.9.4-29.el7_2.4.x86_64.rpm
3f6a035ab4f28cc07b53ebd0d08180bc61770fc22063da7aff151ac9fd900c46 bind-sdb-9.9.4-29.el7_2.4.x86_64.rpm
7571846a525d0d4f7ee4ec9fd7c9e7a8a188e432f9ac8edabc601d544981a1c2 bind-sdb-chroot-9.9.4-29.el7_2.4.x86_64.rpm
bb7cffc09b99ced2319febbe3775c686efa265b2fc8cc5362cd7d5b36196a83a bind-utils-9.9.4-29.el7_2.4.x86_64.rpm

Source:
e805af290f6fbaa2f111f46f12e17583818e4b15f2be27dd8813fdc3e6a6d39b bind-9.9.4-29.el7_2.4.src.rpm

Cause:   Not specified
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5, 6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Sep 27 2016 BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:1944 Important CentOS 7 bind Security Update


CentOS Errata and Security Advisory 2016:1944 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-1944.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
83413bca7e41a7798cef6763d5e44fdcef18a5b54f639f3261920485a44b717c  bind-9.9.4-29.el7_2.4.x86_64.rpm
1a76c217e5caf3579dc798ba0107dd6bb308807a1b809a833eb846ba8cde651f  bind-chroot-9.9.4-29.el7_2.4.x86_64.rpm
03a2653e14631a1e3d7ae0d4898bfd086abed88a992c1fbc8cd3c3bd2627900d  bind-devel-9.9.4-29.el7_2.4.i686.rpm
51315ea441c94782b888783af0aab77673a6fbbf6c745bd856290dbea1ff6a1d  bind-devel-9.9.4-29.el7_2.4.x86_64.rpm
07cb7aae10e7fe0864af0992ea878db2eba0cbe95ae7389d23a0f5d4e1f44af0  bind-libs-9.9.4-29.el7_2.4.i686.rpm
d0fa0c805d7655e469d61d762b23e1d67a80ecb083fc7062be4206972acd7fa8  bind-libs-9.9.4-29.el7_2.4.x86_64.rpm
525f06579cbf5ac12656eb8ab9c9db71a6c752ec4a1b587e5f3eec577ed8b904  bind-libs-lite-9.9.4-29.el7_2.4.i686.rpm
e505c3b156aed9abf7f9e2067c125fa7927d93cb7eb3934d20b50687203f691b  bind-libs-lite-9.9.4-29.el7_2.4.x86_64.rpm
52ec808a834d678648d07c367c35a88145dc49f7ab0cbf8aec3df30fc86037cd  bind-license-9.9.4-29.el7_2.4.noarch.rpm
43e172f0dff8fe241db7f10d9f889466a8c91a3fe8f5adf0575187599b57003e  bind-lite-devel-9.9.4-29.el7_2.4.i686.rpm
ab56f53fd6ea201e9fd53ee947f24e9e2c0bf584d45c1df525ba3f004dbb367b  bind-lite-devel-9.9.4-29.el7_2.4.x86_64.rpm
efc4bd97d4443ba537ee87523c2758116114b222e98a181dd26576e6b0acface  bind-pkcs11-9.9.4-29.el7_2.4.x86_64.rpm
9492c47e8f8cf3899f94933846ace3b66ba608875fec46f23ee1ed877cb1f700  bind-pkcs11-devel-9.9.4-29.el7_2.4.i686.rpm
4e1315ab96b87611dcb1223fa5372356ce0388386cb717b133099291eef894b5  bind-pkcs11-devel-9.9.4-29.el7_2.4.x86_64.rpm
40c70a514325494f63d2e3dda7579b04bf0c4f233d9e2a114af8893e86459a0f  bind-pkcs11-libs-9.9.4-29.el7_2.4.i686.rpm
ae9ed733848cbb815428b5f658e267c6ea5d917234708dc72c5378c976e426a2  bind-pkcs11-libs-9.9.4-29.el7_2.4.x86_64.rpm
03cb753af325022f0fd74b53cae5269271afd3e9d72955ce0d625ed3a637046a  bind-pkcs11-utils-9.9.4-29.el7_2.4.x86_64.rpm
3f6a035ab4f28cc07b53ebd0d08180bc61770fc22063da7aff151ac9fd900c46  bind-sdb-9.9.4-29.el7_2.4.x86_64.rpm
7571846a525d0d4f7ee4ec9fd7c9e7a8a188e432f9ac8edabc601d544981a1c2  bind-sdb-chroot-9.9.4-29.el7_2.4.x86_64.rpm
bb7cffc09b99ced2319febbe3775c686efa265b2fc8cc5362cd7d5b36196a83a  bind-utils-9.9.4-29.el7_2.4.x86_64.rpm

Source:
e805af290f6fbaa2f111f46f12e17583818e4b15f2be27dd8813fdc3e6a6d39b  bind-9.9.4-29.el7_2.4.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC