[SECURITY] Fedora Core 5 Update: bind-9.3.4-1.fc5

Adam Tkac atkac at redhat.com
Wed Jan 31 16:47:52 UTC 2007

Fedora Update Notification

Product     : Fedora Core 5
Name        : bind
Version     : 9.3.4
Release     : 1.fc5
Summary     : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server.
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.

Update Information:

Fixed two security bugs
 - DNSSEC denial of service
 - BIND might crash after attempting to read free()-ed memory

and some common bugs
* Tue Jan 30 2007 Adam Tkac <atkac at redhat.com> - 30:9.3.4-1.fc5
- updated to 9.3.4 which contains bugfixes & security updates
* Tue Nov 21 2006 Martin Stransky <stransky at redhat.com> - 30:9.3.3-0.2.rc3
- update to the latest upstream (RC3), removed already merged patches
- added a timeout to restart
- fix for #212549: init script does not unmount /proc filesystem
- fix for #211282: EDNS is globally enabled, crashing CheckPoint FW-1,
    added edns-enable options to named configuration file which can suppress
    EDNS in queries to DNS servers (see /usr/share/doc/bind-9.3.3/misc/options)
- bind-chroot-adnim update - added clean-up, fixed rights for /var in chroot
* Thu Oct 26 2006 Martin Stransky <stransky at redhat.com> - 30:9.3.3-0.2.rc2
- added fix for #200465: named-checkzone and co. cannot be run as non-root user
- added fix for #207322: yum -y update results in error due to file conflict for bind
- added fix for #212348: chroot'd named causes df permission denied error
- added fix for #211249, #211083 - problems with stopping named
* Mon Oct 16 2006 Martin Stransky <stransky at redhat.com> - 30:9.3.3-0.1.rc2
- update to the latest upstream (9.3.3rc2)
- added fix from #209400 - Bind Init Script does not create
  the PID file always, created by Jeff Means
- added timeout to stop section of init script.
  The default is 100 sec. and can be adjusted by NAMED_SHUTDOWN_TIMEOUT
  shell variable.
- backported some minor fixes from devel
* Mon Sep 11 2006 Martin Stransky <stransky at redhat.com> - 30:9.3.2-33
- added fix for CVE-2006-4095
- added bind to PreReq (#202542)
* Fri Jul 21 2006 Jason Vas Dias <jvdias at redhat.com> - 30:9.3.2-32
- fix addenda to bug 189789: 
  determination of selinux enabled was still not 100% correct in bind-chroot-admin
- fix addenda to bug 196398:
  make named.init test for NetworkManager being enabled AFTER testing for -D absence;
  named.init now supports a 'DISABLE_NAMED_DBUS' /etc/sysconfig/named setting to disable
  auto-enable of named dbus support if NetworkManager enabled.
* Wed Jul 19 2006 Jason Vas Dias <jvdias at redhat.com> - 30:9.3.2-30
- fix bug 196398 - Enable -D option automatically in initscript
  if NetworkManager enabled in any runlevel.
- fix bugs 191093, 189789
- fix bug 196962 (fixed by backported 9.3.3b1 fixes to lib/isc/unix/ifiter_ioctl.c)
- backport selected fixes from upstream bind9 'v9_3_3b1' CVS version:
  ( see http://www.isc.org/sw/bind9.3.php "Fixes" ): 
  o change 2024 / bug 16027:
    named emitted spurious "zone serial unchanged" messages on reload
  o change 2013 / bug 15941:
    handle unexpected TSIGs on unsigned AXFR/IXFR responses more gracefully
  o change 2009 / bug 15808: coverity fixes
  o change 1997 / bug 15818: 
    named was failing to replace negative cache entries when a positive one
    for the type was learnt
  o change 1994 / bug 15694: OpenSSL 0.9.8 support
  o change 1991 / bug 15813:
    The configuration data, once read, should be treated as readonly.
  o misc. validator fixes 
  o misc. resolver fixes
  o misc. dns fixes
  o misc. isc fixes
  o misc. libbind fixes
  o misc. isccfg fix
  o misc. lwres fix
  o misc. named fixes
  o misc. dig fixes
  o misc. nsupdate fix
  o misc. tests fixes
* Wed Jun  7 2006 Jeremy Katz <katzj at redhat.com> - 30:9.3.2-24.FC6
- and actually put the devel symlinks in the right subpackage
* Thu May 25 2006 Jeremy Katz <katzj at redhat.com> - 30:9.3.2-23.FC6
- rebuild for -devel deps

This update can be downloaded from:

8a6fc679c423ae8ffd70517b457c015f0c165fc5  SRPMS/bind-9.3.4-1.fc5.src.rpm
8a6fc679c423ae8ffd70517b457c015f0c165fc5  noarch/bind-9.3.4-1.fc5.src.rpm
87198d2d5e204388ead07165075660e0b33450f0  ppc/bind-devel-9.3.4-1.fc5.ppc.rpm
a8cc807c7fc9b41baf176a5e85b2dfb74b834a43  ppc/caching-nameserver-9.3.4-1.fc5.ppc.rpm
38ced08be1fd3ba99de3f50027fd507f726aed3f  ppc/bind-utils-9.3.4-1.fc5.ppc.rpm
c6b1e34f533bccab0eaa77822c969ad45ab078b2  ppc/bind-libs-9.3.4-1.fc5.ppc.rpm
d5c385eb831513ac417b3e40316098ee76e62a27  ppc/debug/bind-debuginfo-9.3.4-1.fc5.ppc.rpm
8c23369273a5894a5b4a0946e326f40a95b551ae  ppc/bind-sdb-9.3.4-1.fc5.ppc.rpm
ed68b6d1a3d4a18da303d570ad4204954171d874  ppc/bind-9.3.4-1.fc5.ppc.rpm
1e443539d6ea55adc8aecad0b40c90ba0c002e50  ppc/bind-libbind-devel-9.3.4-1.fc5.ppc.rpm
2cabb34ac71b2f2a5f06b5750154ee7092bcc1f3  ppc/bind-chroot-9.3.4-1.fc5.ppc.rpm
c5357b1f10c033f5bafe5f1ba63a5b008138f041  x86_64/bind-devel-9.3.4-1.fc5.x86_64.rpm
ebb3161b3de9dcd1967f25d662e9425ae03a12c0  x86_64/debug/bind-debuginfo-9.3.4-1.fc5.x86_64.rpm
57b84db630532386ecd80db71e6f107b8988bcfa  x86_64/bind-libs-9.3.4-1.fc5.x86_64.rpm
54d9da829395f3b1d4b152455149d1dd308026db  x86_64/bind-sdb-9.3.4-1.fc5.x86_64.rpm
97d74c1f93fe573ecac492c80156b93b749473e1  x86_64/bind-libbind-devel-9.3.4-1.fc5.x86_64.rpm
f75a128f40aa9b700b0899d71bdc5be4dd7ce544  x86_64/bind-chroot-9.3.4-1.fc5.x86_64.rpm
aa10e939b85f9699f3436fd4d48ad4960a0422aa  x86_64/bind-utils-9.3.4-1.fc5.x86_64.rpm
c357bd3174653ec7c21ef266ef5d4b0deec2890f  x86_64/bind-9.3.4-1.fc5.x86_64.rpm
26bcf44264be0968b373e4e3e6dec2379fda214d  x86_64/caching-nameserver-9.3.4-1.fc5.x86_64.rpm
e58eec4e15249b1760770ca885167c1a7ef38286  i386/bind-devel-9.3.4-1.fc5.i386.rpm
59454bf9fdd55e311657883f76b9fcf2bb3c6727  i386/bind-libbind-devel-9.3.4-1.fc5.i386.rpm
771dc1a77f138f1272a71842f9bb0f2c2963764a  i386/bind-chroot-9.3.4-1.fc5.i386.rpm
c196f39959041140cf14f923febc3c994a873d0b  i386/debug/bind-debuginfo-9.3.4-1.fc5.i386.rpm
3e884ae7454b13aa5e99faa1d5aed778bb236256  i386/bind-9.3.4-1.fc5.i386.rpm
b98210f838bc90253c8a85127829f49034c1e2ed  i386/bind-utils-9.3.4-1.fc5.i386.rpm
f0fdef54a1b173ac0caa2a5ed0b3cbf391653469  i386/caching-nameserver-9.3.4-1.fc5.i386.rpm
a27478c07e1a46b6891b6abbf115a99a312e7a67  i386/bind-sdb-9.3.4-1.fc5.i386.rpm
e0d7ecb8fcfdc3bcb9b36eb5b5e0cc6774b23a5b  i386/bind-libs-9.3.4-1.fc5.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.

More information about the Fedora-package-announce mailing list