- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Moderate: bind security update
Advisory ID:       RHSA-2007:0057-02
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0057.html
Issue date:        2007-03-14
Updated on:        2007-03-14
Product:           Red Hat Enterprise Linux
Keywords:          named bind dnssec
CVE Names:         CVE-2007-0493 CVE-2007-0494 
- ---------------------------------------------------------------------1. Summary:

Updated bind packages that fix a security issue and a bug are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.  

A flaw was found in the way BIND processed certain DNS query responses. On
servers that had enabled DNSSEC validation, this could allow a remote
attacker to cause a denial of service. (CVE-2007-0494)

A use-after-free flaw was found in BIND. On servers that have recursion
enabled, this could allow a remote attacker to cause a denial of service. 
(CVE-2007-0493)

Users of BIND are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at


5. Bug IDs fixed (http://bugzilla.redhat.com/):

224445 - CVE-2007-0493 BIND might crash after attempting to read free()-ed memory
225229 - CVE-2007-0494 BIND dnssec denial of service

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
061e9150a2729ef73db3f42224f9ec4a  bind-9.3.3-8.el5.src.rpm

i386:
d1b235753f0a30bf50c686b8889bdabb  bind-9.3.3-8.el5.i386.rpm
151c1d0c78cbbbab36737e944f175450  bind-debuginfo-9.3.3-8.el5.i386.rpm
0c9077d8950b18efe21714dded6c94c0  bind-libs-9.3.3-8.el5.i386.rpm
5b6f33360d14530cedaabfeb018772af  bind-sdb-9.3.3-8.el5.i386.rpm
9b7d14e4e7247d26b4ab1c670c295f8c  bind-utils-9.3.3-8.el5.i386.rpm

x86_64:
4d22697b70add12f9c124cc8cf286859  bind-9.3.3-8.el5.x86_64.rpm
151c1d0c78cbbbab36737e944f175450  bind-debuginfo-9.3.3-8.el5.i386.rpm
7d2051147d67e045e464b988ef78b001  bind-debuginfo-9.3.3-8.el5.x86_64.rpm
0c9077d8950b18efe21714dded6c94c0  bind-libs-9.3.3-8.el5.i386.rpm
dafc0a981792ee6504a665a0cd529d01  bind-libs-9.3.3-8.el5.x86_64.rpm
c05f0ec51d2439f4dd8f27b21bdbfe4f  bind-sdb-9.3.3-8.el5.x86_64.rpm
7251b73070a92dc90be41b0372000f61  bind-utils-9.3.3-8.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
061e9150a2729ef73db3f42224f9ec4a  bind-9.3.3-8.el5.src.rpm

i386:
3a8443e9f2da36135da2a8c002e9a571  bind-chroot-9.3.3-8.el5.i386.rpm
151c1d0c78cbbbab36737e944f175450  bind-debuginfo-9.3.3-8.el5.i386.rpm
2560fb157737b50781f0000b24fed60c  bind-devel-9.3.3-8.el5.i386.rpm
7103ae91f3663539a16a2a38152aa92a  bind-libbind-devel-9.3.3-8.el5.i386.rpm
ed3a96d19f0668ded01e63d6b422e3d2  caching-nameserver-9.3.3-8.el5.i386.rpm

x86_64:
1600c5327978f14cff4e3d6c723cd56e  bind-chroot-9.3.3-8.el5.x86_64.rpm
151c1d0c78cbbbab36737e944f175450  bind-debuginfo-9.3.3-8.el5.i386.rpm
7d2051147d67e045e464b988ef78b001  bind-debuginfo-9.3.3-8.el5.x86_64.rpm
2560fb157737b50781f0000b24fed60c  bind-devel-9.3.3-8.el5.i386.rpm
614c450db2303add7d716f9598ee4b9b  bind-devel-9.3.3-8.el5.x86_64.rpm
7103ae91f3663539a16a2a38152aa92a  bind-libbind-devel-9.3.3-8.el5.i386.rpm
07eb939ce9b72a601a11edd744234499  bind-libbind-devel-9.3.3-8.el5.x86_64.rpm
13fcf98bf097c8f5066941527658422b  caching-nameserver-9.3.3-8.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
061e9150a2729ef73db3f42224f9ec4a  bind-9.3.3-8.el5.src.rpm

i386:
d1b235753f0a30bf50c686b8889bdabb  bind-9.3.3-8.el5.i386.rpm
3a8443e9f2da36135da2a8c002e9a571  bind-chroot-9.3.3-8.el5.i386.rpm
151c1d0c78cbbbab36737e944f175450  bind-debuginfo-9.3.3-8.el5.i386.rpm
2560fb157737b50781f0000b24fed60c  bind-devel-9.3.3-8.el5.i386.rpm
7103ae91f3663539a16a2a38152aa92a  bind-libbind-devel-9.3.3-8.el5.i386.rpm
0c9077d8950b18efe21714dded6c94c0  bind-libs-9.3.3-8.el5.i386.rpm
5b6f33360d14530cedaabfeb018772af  bind-sdb-9.3.3-8.el5.i386.rpm
9b7d14e4e7247d26b4ab1c670c295f8c  bind-utils-9.3.3-8.el5.i386.rpm
ed3a96d19f0668ded01e63d6b422e3d2  caching-nameserver-9.3.3-8.el5.i386.rpm

ia64:
08f4fd9cbb47d965af28da56ccd26eca  bind-9.3.3-8.el5.ia64.rpm
7411dc9f8cd53f8856d4b9c2fdf067ca  bind-chroot-9.3.3-8.el5.ia64.rpm
151c1d0c78cbbbab36737e944f175450  bind-debuginfo-9.3.3-8.el5.i386.rpm
8c5efae65c85cd53878166066b9c5cc9  bind-debuginfo-9.3.3-8.el5.ia64.rpm
1d16d639b459fe2b2a9dbb306407cdea  bind-devel-9.3.3-8.el5.ia64.rpm
881a976fd60622c832e5b765e3a8729a  bind-libbind-devel-9.3.3-8.el5.ia64.rpm
0c9077d8950b18efe21714dded6c94c0  bind-libs-9.3.3-8.el5.i386.rpm
fda8d77c60383c569e4eb17f6b066c58  bind-libs-9.3.3-8.el5.ia64.rpm
b9c03a97fc999979339c7d5c4f1ca697  bind-sdb-9.3.3-8.el5.ia64.rpm
cdbd214f638e98281402a5691883896f  bind-utils-9.3.3-8.el5.ia64.rpm
85f4480c97389bdb422e2e5431830dd3  caching-nameserver-9.3.3-8.el5.ia64.rpm

ppc:
97eb06f5f63d9b1dd8d8ef041a877632  bind-9.3.3-8.el5.ppc.rpm
a865dd4b52d40727d7ced7146942d088  bind-chroot-9.3.3-8.el5.ppc.rpm
2b89b5609242826517643b6289b8a09e  bind-debuginfo-9.3.3-8.el5.ppc.rpm
47ca706022444136bef013b249dd32e1  bind-debuginfo-9.3.3-8.el5.ppc64.rpm
807d87da920d8767cd7be81ec9b23321  bind-devel-9.3.3-8.el5.ppc.rpm
e2e769b4315e07e7195806a9c005cffe  bind-devel-9.3.3-8.el5.ppc64.rpm
4ecaa16632585f2216d63021586e48a7  bind-libbind-devel-9.3.3-8.el5.ppc.rpm
4e678e537581aa6b6a74d364d74f69d4  bind-libbind-devel-9.3.3-8.el5.ppc64.rpm
dec1559e9bb45aa632847eb6ddc934a9  bind-libs-9.3.3-8.el5.ppc.rpm
6b22f1a2277a9667bb20ab80cdb8483f  bind-libs-9.3.3-8.el5.ppc64.rpm
55d0288209e14a9bede395a24d0e93ac  bind-sdb-9.3.3-8.el5.ppc.rpm
b13aae75cb909caaf8a8a23ded7e8041  bind-utils-9.3.3-8.el5.ppc.rpm
f0b76f1c2623f5fc385d4f12ef466550  caching-nameserver-9.3.3-8.el5.ppc.rpm

s390x:
c26913a7906a9c810ab21adfbf0f811f  bind-9.3.3-8.el5.s390x.rpm
db3adf531b274576542b2a974d467742  bind-chroot-9.3.3-8.el5.s390x.rpm
cac132d3282b90e6b28965fa84c6553e  bind-debuginfo-9.3.3-8.el5.s390.rpm
6f5b92db72685d3af1151a1fef462c86  bind-debuginfo-9.3.3-8.el5.s390x.rpm
74fb9b7fdbe7ed9642e326f39b9e64ba  bind-devel-9.3.3-8.el5.s390.rpm
ffa2fd4199b49d1ad2860d775cc8981c  bind-devel-9.3.3-8.el5.s390x.rpm
a023669dd68fca0a1f328eaf0edb5688  bind-libbind-devel-9.3.3-8.el5.s390.rpm
cd44c6c7d65036db055bdb184e98ecb7  bind-libbind-devel-9.3.3-8.el5.s390x.rpm
14ab6cea9014c1b219360ea63b878012  bind-libs-9.3.3-8.el5.s390.rpm
1c4675bdd52331f7f89b0b3a92cb3ce2  bind-libs-9.3.3-8.el5.s390x.rpm
f434705fdaa4918f9957391518a30f02  bind-sdb-9.3.3-8.el5.s390x.rpm
db6d7c3622e1306bc816352ca06ddbc2  bind-utils-9.3.3-8.el5.s390x.rpm
52aa7545a263150a525a44f0389d2205  caching-nameserver-9.3.3-8.el5.s390x.rpm

x86_64:
4d22697b70add12f9c124cc8cf286859  bind-9.3.3-8.el5.x86_64.rpm
1600c5327978f14cff4e3d6c723cd56e  bind-chroot-9.3.3-8.el5.x86_64.rpm
151c1d0c78cbbbab36737e944f175450  bind-debuginfo-9.3.3-8.el5.i386.rpm
7d2051147d67e045e464b988ef78b001  bind-debuginfo-9.3.3-8.el5.x86_64.rpm
2560fb157737b50781f0000b24fed60c  bind-devel-9.3.3-8.el5.i386.rpm
614c450db2303add7d716f9598ee4b9b  bind-devel-9.3.3-8.el5.x86_64.rpm
7103ae91f3663539a16a2a38152aa92a  bind-libbind-devel-9.3.3-8.el5.i386.rpm
07eb939ce9b72a601a11edd744234499  bind-libbind-devel-9.3.3-8.el5.x86_64.rpm
0c9077d8950b18efe21714dded6c94c0  bind-libs-9.3.3-8.el5.i386.rpm
dafc0a981792ee6504a665a0cd529d01  bind-libs-9.3.3-8.el5.x86_64.rpm
c05f0ec51d2439f4dd8f27b21bdbfe4f  bind-sdb-9.3.3-8.el5.x86_64.rpm
7251b73070a92dc90be41b0372000f61  bind-utils-9.3.3-8.el5.x86_64.rpm
13fcf98bf097c8f5066941527658422b  caching-nameserver-9.3.3-8.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
http://marc.theaimsgroup.com/?l=bind-announce&m=116968519300764
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.