Project

General

Profile

CVE-2015-5477 bind: TKEY query handling flaw leading to denial of service

Problem Description

A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet.

Anouncement

Fix

Solution:

upgrade with bind-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm package from viapps repo.
upgrade with bind-libs-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm package from viapps repo.
upgrade with bind-utils-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm package from viapps repo.
upgrade with openssl-1.0.1e-16.el6_5.7.x86_64.rpm package from viapps repo.

Signatures

d11960a033e49d13772f474862553e022b2c569b47a61c81b6a277ee359c623b  bind-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
ad5aaa78ddbc081a0fd6106aa6a6c449fab1db0432a450317918b46912c88c7f  bind-libs-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
602e7ccdc039cdebf35f88f25f8785ef407b8be105dc829974bcc8b46256531f  bind-utils-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm

How to apply:

  1. Copy downloaded rpms to cmi:/var/www/repo/x86_64
  2. Update CMI repo
    [root@cmi ~] createrepo --update /var/www/repo/x86_64
    
  3. Update DNS/DHCP/NTP node. Either
    1. From CMI front end -> Appliances -> Setup -> Minor packages Upgrade
    2. Or manually:
      [root@dns ~] yum clean all # (clear yum cache)
      [root@dns ~] yum -y update bind
      [...]
      
      Complete!
      
      [root@dns yum.repos.d]# rpm -q bind
      bind-9.8.2-0.37.rc1.el6_7.2.x86_64