Bug 170326 - critical issues with BIND 9.2.4 now fixed with ISC BIND 9.2.5 require backport
critical issues with BIND 9.2.4 now fixed with ISC BIND 9.2.5 require backport
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: bind (Show other bugs)
3.0
All Linux
medium Severity high
: ---
: ---
Assigned To: Jason Vas Dias
Ben Levenson
:
Depends On:
Blocks: RHEL3U8CanFix
  Show dependency treegraph
 
Reported: 2005-10-10 14:37 EDT by Jason Vas Dias
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHBA-2006-0287
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-07-20 10:58:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Comment 2 Jason Vas Dias 2005-10-10 20:04:09 EDT
This is now fixed with bind-9.2.4-10_EL3, errata RHBA-2005:804, available from:
   http://people.redhat.com/~jvdias/bind/RHEL-4

These are all changes that have been in bind-9.2.5 and FC-3 for nearly a year
now. 

A basic sanity test and run of the test rpm will suffice for testing - I will
add notes to the errata for further testing details.
Comment 4 Jason Vas Dias 2005-10-13 12:26:51 EDT
RE: Comment #3 From Mark J. Cox :
> Note: this has been submitted as an asynchronous RHBA.  Were any of the above
> issues with a security consequence?  If not was this really intendted for
> RHEL3-U7 instead?

Yes, this update is intended only for RHEL-3-U7 - it is on the RHEL-3-U7
Proposed list. 
"ASYNC" is the group the errata gets when it is created - I can't change this.

Yes, many of the issues above have security implications, in that they can
lead to named crashing, and hence denial of service - ie. :

1800.	[bug]		Changes #1719 allowed a INSIST to be triggered.
			[RT #13428]

1744.	[bug]		If tuple2msgname() failed to convert a tuple to
			a name a REQUIRE could be triggered. [RT #12796]

1743.	[bug]		If isc_taskmgr_create() was not able to create the
			requested number of worker threads then destruction
			of the manager would trigger an INSIST() failure.
			[RT #12790]

In addition, these issues could potentially be exploited for cache-poisoning
attacks:

1719.	[bug]		named was not correctly caching a RFC 2308 Type 1
			negative response. [RT #12506]

1718.	[bug]		nsupdate was not handling RFC 2308 Type 3 negative
			responses when looking for the zone / master server.
			[RT #12506]
Comment 6 Jason Vas Dias 2005-10-21 12:32:55 EDT
When considering whether to ACK/NACK this bug, please bear in mind:

All the code submitted for these bug fixes
o has been in FC-3's BIND-9.2.5 since Mar 11 2005 and all subsequent FC-4 /
  Rawhide releases, and has been tested by FC-3-4-5 users for 8 months.

o No new features are implemented by this code - it fixes known 9.2.4 bugs only.

o Has been developed and tested by upstream ISC BIND developers to fix known 
  bugs, and has gone through their stringent community code review and testing
  processes.

o The test suite shipped with BIND has been updated to test all the issues 
  listed above, so it can be tested quite simply by running the BIND test
  suite as described in the errata HOW TO TEST.

Comment 14 Bob Johnson 2006-04-11 12:20:02 EDT
This issue is on Red Hat Engineering's list of planned work items 
for the upcoming Red Hat Enterprise Linux 3.8 release.  Engineering 
resources have been assigned and barring unforeseen circumstances, Red 
Hat intends to include this item in the 3.8 release.
Comment 16 Red Hat Bugzilla 2006-07-20 10:58:01 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0287.html

Note You need to log in before you can comment on or make changes to this bug.