Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[RHSA-2008:0300-02] Moderate: bind security, bug fix, and enhancement update

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

=====================================================================

Red Hat Security Advisory

 

Synopsis: Moderate: bind security, bug fix, and enhancement update

Advisory ID: RHSA-2008:0300-02

Product: Red Hat Enterprise Linux

Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0300.html

Issue date: 2008-05-20

Updated on: 2008-05-21

Keywords: gss-tsig lsb sdb

CVE Names: CVE-2007-6283 CVE-2008-0122

=====================================================================

 

1. Summary:

 

Updated bind packages that fix two security issues, several bugs, and add

enhancements are now available for Red Hat Enterprise Linux 5.

 

This update has been rated as having moderate security impact by the Red

Hat Security Response Team.

 

2. Relevant releases/architectures:

 

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

RHEL Desktop Workstation (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

 

3. Description:

 

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain

Name System (DNS) protocols. BIND includes a DNS server (named); a resolver

library (routines for applications to use when interfacing with DNS); and

tools for verifying that the DNS server is operating correctly.

 

It was discovered that the bind packages created the "rndc.key" file with

insecure file permissions. This allowed any local user to read the content

of this file. A local user could use this flaw to control some aspects of

the named daemon by using the rndc utility, for example, stopping the named

daemon. This problem did not affect systems with the bind-chroot package

installed. (CVE-2007-6283)

 

A buffer overflow flaw was discovered in the "inet_network()" function, as

implemented by libbind. An attacker could use this flaw to crash an

application calling this function, with an argument provided from an

untrusted source. (CVE-2008-0122)

 

As well, these updated packages fix the following bugs:

 

* when using an LDAP backend, missing function declarations caused

segmentation faults, due to stripped pointers on machines where pointers

are longer than integers.

 

* starting named may have resulted in named crashing, due to a race

condition during D-BUS connection initialization. This has been resolved in

these updated packages.

 

* the named init script returned incorrect error codes, causing the

"status" command to return an incorrect status. In these updated packages,

the named init script is Linux Standard Base (LSB) compliant.

 

* in these updated packages, the "rndc [command] [zone]" command, where

[command] is an rndc command, and [zone] is the specified zone, will find

the [zone] if the zone is unique to all views.

 

* the default named log rotation script did not work correctly when using

the bind-chroot package. In these updated packages, installing

bind-chroot creates the symbolic link "/var/log/named.log", which points

to "/var/named/chroot/var/log/named.log", which resolves this issue.

 

* a previous bind update incorrectly changed the permissions on the

"/etc/openldap/schema/dnszone.schema" file to mode 640, instead of mode

644, which resulted in OpenLDAP not being able to start. In these updated

packages, the permissions are correctly set to mode 644.

 

* the "checkconfig" parameter was missing in the named usage report. For

example, running the "service named" command did not return "checkconfig"

in the list of available options.

 

* due to a bug in the named init script not handling the rndc return value

correctly, the "service named stop" and "service named restart" commands

failed on certain systems.

 

* the bind-chroot spec file printed errors when running the "%pre" and

"%post" sections. Errors such as the following occurred:

 

Locating //etc/named.conf failed:

[FAILED]

 

This has been resolved in these updated packages.

 

* installing the bind-chroot package creates a "/dev/random" file in the

chroot environment; however, the "/dev/random" file had an incorrect

SELinux label. Starting named resulted in an 'avc: denied { getattr } for

pid=[pid] comm="named" path="/dev/random"' error being logged. The

"/dev/random" file has the correct SELinux label in these updated packages.

 

* in certain situations, running the "bind +trace" command resulted in

random segmentation faults.

 

As well, these updated packages add the following enhancements:

 

* support has been added for GSS-TSIG (RFC 3645).

 

* the "named.root" file has been updated to reflect the new address for

L.ROOT-SERVERS.NET.

 

* updates BIND to the latest 9.3 maintenance release.

 

All users of bind are advised to upgrade to these updated packages, which

resolve these issues and add these enhancements.

 

4. Solution:

 

Before applying this update, make sure that all previously-released

errata relevant to your system have been applied.

 

This update is available via Red Hat Network. Details on how to use

the Red Hat Network to apply this update are available at

http://kbase.redhat.com/faq/FAQ_58_10188

 

5. Bugs fixed (http://bugzilla.redhat.com/):

 

240788 - bind_sdb, ldap2zone segfaulting

240876 - bind crashes on restart and also when running without forwarders

242734 - Wrong init script

247486 - bind-chroot does not modify /etc/logrotate.d/named

250118 - dnszone.schema bad file permissions

250744 - missed parameter "configtest" in init script usage report

250901 - "service named restart" fails

251528 - RFE: add support for GSSTSIG

252334 - bind-chroot-9.3.3-9.0.1 leaks error noise in its scripts

253537 - avc: denied { getattr } for comm="named" path="/dev/random"

353741 - Rebase to latest 9.3 maintenance release

363531 - New L.ROOT-SERVERS.NET address

419421 - CVE-2007-6283 bind: /etc/rndc.key has 644 permissions by default

423741 - resolver library causes segfaults in bind-utils such as dig,ping

429149 - CVE-2008-0122 libbind off-by-one buffer overflow

 

6. Package List:

 

Red Hat Enterprise Linux Desktop (v. 5 client):

 

Source:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.4-6.P1.el5.src.rpm

 

i386:

bind-9.3.4-6.P1.el5.i386.rpm

bind-debuginfo-9.3.4-6.P1.el5.i386.rpm

bind-libs-9.3.4-6.P1.el5.i386.rpm

bind-sdb-9.3.4-6.P1.el5.i386.rpm

bind-utils-9.3.4-6.P1.el5.i386.rpm

 

x86_64:

bind-9.3.4-6.P1.el5.x86_64.rpm

bind-debuginfo-9.3.4-6.P1.el5.i386.rpm

bind-debuginfo-9.3.4-6.P1.el5.x86_64.rpm

bind-libs-9.3.4-6.P1.el5.i386.rpm

bind-libs-9.3.4-6.P1.el5.x86_64.rpm

bind-sdb-9.3.4-6.P1.el5.x86_64.rpm

bind-utils-9.3.4-6.P1.el5.x86_64.rpm

 

RHEL Desktop Workstation (v. 5 client):

 

Source:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.4-6.P1.el5.src.rpm

 

i386:

bind-chroot-9.3.4-6.P1.el5.i386.rpm

bind-debuginfo-9.3.4-6.P1.el5.i386.rpm

bind-devel-9.3.4-6.P1.el5.i386.rpm

bind-libbind-devel-9.3.4-6.P1.el5.i386.rpm

caching-nameserver-9.3.4-6.P1.el5.i386.rpm

 

x86_64:

bind-chroot-9.3.4-6.P1.el5.x86_64.rpm

bind-debuginfo-9.3.4-6.P1.el5.i386.rpm

bind-debuginfo-9.3.4-6.P1.el5.x86_64.rpm

bind-devel-9.3.4-6.P1.el5.i386.rpm

bind-devel-9.3.4-6.P1.el5.x86_64.rpm

bind-libbind-devel-9.3.4-6.P1.el5.i386.rpm

bind-libbind-devel-9.3.4-6.P1.el5.x86_64.rpm

caching-nameserver-9.3.4-6.P1.el5.x86_64.rpm

 

Red Hat Enterprise Linux (v. 5 server):

 

Source:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind-9.3.4-6.P1.el5.src.rpm

 

i386:

bind-9.3.4-6.P1.el5.i386.rpm

bind-chroot-9.3.4-6.P1.el5.i386.rpm

bind-debuginfo-9.3.4-6.P1.el5.i386.rpm

bind-devel-9.3.4-6.P1.el5.i386.rpm

bind-libbind-devel-9.3.4-6.P1.el5.i386.rpm

bind-libs-9.3.4-6.P1.el5.i386.rpm

bind-sdb-9.3.4-6.P1.el5.i386.rpm

bind-utils-9.3.4-6.P1.el5.i386.rpm

caching-nameserver-9.3.4-6.P1.el5.i386.rpm

 

ia64:

bind-9.3.4-6.P1.el5.ia64.rpm

bind-chroot-9.3.4-6.P1.el5.ia64.rpm

bind-debuginfo-9.3.4-6.P1.el5.i386.rpm

bind-debuginfo-9.3.4-6.P1.el5.ia64.rpm

bind-devel-9.3.4-6.P1.el5.ia64.rpm

bind-libbind-devel-9.3.4-6.P1.el5.ia64.rpm

bind-libs-9.3.4-6.P1.el5.i386.rpm

bind-libs-9.3.4-6.P1.el5.ia64.rpm

bind-sdb-9.3.4-6.P1.el5.ia64.rpm

bind-utils-9.3.4-6.P1.el5.ia64.rpm

caching-nameserver-9.3.4-6.P1.el5.ia64.rpm

 

ppc:

bind-9.3.4-6.P1.el5.ppc.rpm

bind-chroot-9.3.4-6.P1.el5.ppc.rpm

bind-debuginfo-9.3.4-6.P1.el5.ppc.rpm

bind-debuginfo-9.3.4-6.P1.el5.ppc64.rpm

bind-devel-9.3.4-6.P1.el5.ppc.rpm

bind-devel-9.3.4-6.P1.el5.ppc64.rpm

bind-libbind-devel-9.3.4-6.P1.el5.ppc.rpm

bind-libbind-devel-9.3.4-6.P1.el5.ppc64.rpm

bind-libs-9.3.4-6.P1.el5.ppc.rpm

bind-libs-9.3.4-6.P1.el5.ppc64.rpm

bind-sdb-9.3.4-6.P1.el5.ppc.rpm

bind-utils-9.3.4-6.P1.el5.ppc.rpm

caching-nameserver-9.3.4-6.P1.el5.ppc.rpm

 

s390x:

bind-9.3.4-6.P1.el5.s390x.rpm

bind-chroot-9.3.4-6.P1.el5.s390x.rpm

bind-debuginfo-9.3.4-6.P1.el5.s390.rpm

bind-debuginfo-9.3.4-6.P1.el5.s390x.rpm

bind-devel-9.3.4-6.P1.el5.s390.rpm

bind-devel-9.3.4-6.P1.el5.s390x.rpm

bind-libbind-devel-9.3.4-6.P1.el5.s390.rpm

bind-libbind-devel-9.3.4-6.P1.el5.s390x.rpm

bind-libs-9.3.4-6.P1.el5.s390.rpm

bind-libs-9.3.4-6.P1.el5.s390x.rpm

bind-sdb-9.3.4-6.P1.el5.s390x.rpm

bind-utils-9.3.4-6.P1.el5.s390x.rpm

caching-nameserver-9.3.4-6.P1.el5.s390x.rpm

 

x86_64:

bind-9.3.4-6.P1.el5.x86_64.rpm

bind-chroot-9.3.4-6.P1.el5.x86_64.rpm

bind-debuginfo-9.3.4-6.P1.el5.i386.rpm

bind-debuginfo-9.3.4-6.P1.el5.x86_64.rpm

bind-devel-9.3.4-6.P1.el5.i386.rpm

bind-devel-9.3.4-6.P1.el5.x86_64.rpm

bind-libbind-devel-9.3.4-6.P1.el5.i386.rpm

bind-libbind-devel-9.3.4-6.P1.el5.x86_64.rpm

bind-libs-9.3.4-6.P1.el5.i386.rpm

bind-libs-9.3.4-6.P1.el5.x86_64.rpm

bind-sdb-9.3.4-6.P1.el5.x86_64.rpm

bind-utils-9.3.4-6.P1.el5.x86_64.rpm

caching-nameserver-9.3.4-6.P1.el5.x86_64.rpm

 

These packages are GPG signed by Red Hat for security. Our key and

details on how to verify the signature are available from

https://www.redhat.com/security/team/key/#package

 

7. References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6283

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0122

http://www.redhat.com/security/updates/classification/#moderate

 

8. Contact:

 

The Red Hat security contact is . More contact

details at https://www.redhat.com/security/team/contact/

 

Copyright 2008 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.4 (GNU/Linux)

 

iD8DBQFINDHvXlSAg2UNWIIRAia8AJ9cwIMZ6KExQLVgCPAIMULjcefR1ACgnlYa

0//nmfeApeTQaT/uZaR3LRQ=

=nRjq

-----END PGP SIGNATURE-----

 

 

--

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×