SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
(CentOS Issues Fix) BIND DNSSEC Validation Flaw Lets Remote Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1038435
SecurityTracker URL:  http://securitytracker.com/id/1038435
CVE Reference:   CVE-2017-3139   (Links to External Site)
Date:  May 10 2017
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in BIND on Red Hat Enterprise Linux. A remote user can cause the target service to crash.

A remote user can return a specially crafted DNS response to trigger a DNSSEC validation flaw and cause the named service to crash.

The BIND versions shipped with Red Hat Enterprise Linux 6 are affected.

The upstream versions of BIND are not affected.

Impact:   A remote user can cause the target service to crash.
Solution:   CentOS has issued a fix.

i386:
c1b56581baba94701da450a96e6ab96f6ac4f083e5f421c3ebe7124aa3411179 bind-9.8.2-0.62.rc1.el6_9.2.i686.rpm
e033ff2999ee5094166f858629831f12caf926c10f2156d1bf92dd5fbc6c3a7b bind-chroot-9.8.2-0.62.rc1.el6_9.2.i686.rpm
f3bd19a5c47a27ae24967a06b7bf37b09b27631556cd1873ac6b8b9f55b41b78 bind-devel-9.8.2-0.62.rc1.el6_9.2.i686.rpm
ec7c8ae880e8366214991ca56d02bed6043665ae34657aac5814c781e2e2b5af bind-libs-9.8.2-0.62.rc1.el6_9.2.i686.rpm
2cecf3d6f6631711bc00d8c65a89c69f35caec84fd6a32aede440c6a3f7e0163 bind-sdb-9.8.2-0.62.rc1.el6_9.2.i686.rpm
37d38b81206240ff8562534ca327ac7fdbd4592ebcee0caaa637eccd3df8a8e9 bind-utils-9.8.2-0.62.rc1.el6_9.2.i686.rpm

x86_64:
7320440995c79fe2648545554f8fa76bd1467f8873df842002783d7e8c3d7e38 bind-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
9f589d84f1278d8c2c8595e2967fdee489478359a369f11a9f4c9a26f49fbccc bind-chroot-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
f3bd19a5c47a27ae24967a06b7bf37b09b27631556cd1873ac6b8b9f55b41b78 bind-devel-9.8.2-0.62.rc1.el6_9.2.i686.rpm
0bc38d410990965648547b2fa605fcb177512b1488b192d6dbb060cfa018ee89 bind-devel-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
ec7c8ae880e8366214991ca56d02bed6043665ae34657aac5814c781e2e2b5af bind-libs-9.8.2-0.62.rc1.el6_9.2.i686.rpm
949b45a95464c27e4093db800058df377fb9c5f7cf866655c3952c5f7c9c262d bind-libs-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
5cbf42814270ca79b07de4864a56eb33dbc5c8e55cccdabbec816c8abcbd4655 bind-sdb-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
97e32251f12374180ecd20ac5bce16b7c904367f9a308b9b890c46f0da452f6c bind-utils-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm

Source:
6fd6c22a5158c38ff37918a7488a7ee579918c961464891d6f06b396c39df64f bind-9.8.2-0.62.rc1.el6_9.2.src.rpm

Cause:   Input validation error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
May 8 2017 BIND DNSSEC Validation Flaw Lets Remote Users Cause the Target Service to Crash



 Source Message Contents

Subject:  [CentOS-announce] CESA-2017:1202 Important CentOS 6 bind Security Update


CentOS Errata and Security Advisory 2017:1202 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1202.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
c1b56581baba94701da450a96e6ab96f6ac4f083e5f421c3ebe7124aa3411179  bind-9.8.2-0.62.rc1.el6_9.2.i686.rpm
e033ff2999ee5094166f858629831f12caf926c10f2156d1bf92dd5fbc6c3a7b  bind-chroot-9.8.2-0.62.rc1.el6_9.2.i686.rpm
f3bd19a5c47a27ae24967a06b7bf37b09b27631556cd1873ac6b8b9f55b41b78  bind-devel-9.8.2-0.62.rc1.el6_9.2.i686.rpm
ec7c8ae880e8366214991ca56d02bed6043665ae34657aac5814c781e2e2b5af  bind-libs-9.8.2-0.62.rc1.el6_9.2.i686.rpm
2cecf3d6f6631711bc00d8c65a89c69f35caec84fd6a32aede440c6a3f7e0163  bind-sdb-9.8.2-0.62.rc1.el6_9.2.i686.rpm
37d38b81206240ff8562534ca327ac7fdbd4592ebcee0caaa637eccd3df8a8e9  bind-utils-9.8.2-0.62.rc1.el6_9.2.i686.rpm

x86_64:
7320440995c79fe2648545554f8fa76bd1467f8873df842002783d7e8c3d7e38  bind-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
9f589d84f1278d8c2c8595e2967fdee489478359a369f11a9f4c9a26f49fbccc  bind-chroot-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
f3bd19a5c47a27ae24967a06b7bf37b09b27631556cd1873ac6b8b9f55b41b78  bind-devel-9.8.2-0.62.rc1.el6_9.2.i686.rpm
0bc38d410990965648547b2fa605fcb177512b1488b192d6dbb060cfa018ee89  bind-devel-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
ec7c8ae880e8366214991ca56d02bed6043665ae34657aac5814c781e2e2b5af  bind-libs-9.8.2-0.62.rc1.el6_9.2.i686.rpm
949b45a95464c27e4093db800058df377fb9c5f7cf866655c3952c5f7c9c262d  bind-libs-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
5cbf42814270ca79b07de4864a56eb33dbc5c8e55cccdabbec816c8abcbd4655  bind-sdb-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
97e32251f12374180ecd20ac5bce16b7c904367f9a308b9b890c46f0da452f6c  bind-utils-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm

Source:
6fd6c22a5158c38ff37918a7488a7ee579918c961464891d6f06b396c39df64f  bind-9.8.2-0.62.rc1.el6_9.2.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC