CVE-2015-8000 bind: responses with a malformed class attribute can trigger an assertion failure in db.c

Problem Description

A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named, functioning as an authoritative or recursive server, to crash. Note: This issue affects authoritative servers as well as recursive servers; however, authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs.

Announcement

Fix

Solution:

Upgrade with the bind-9.8.2-0.37.rc1.el6_7.5.x86_64.rpm package from the viapps repo.
Upgrade with the bind-libs-9.8.2-0.37.rc1.el6_7.5.x86_64.rpm package from the viapps repo.
Upgrade with the bind-utils-9.8.2-0.37.rc1.el6_7.5.x86_64.rpm package from the viapps repo.

Signatures

047d9453d513524559922e996563f868  bind-9.8.2-0.37.rc1.el6_7.5.x86_64.rpm
d59052271995e4cb07cf999e3c5af95b  bind-libs-9.8.2-0.37.rc1.el6_7.5.x86_64.rpm
8e31a1645a67cf111927bc15d1acbfa0  bind-utils-9.8.2-0.37.rc1.el6_7.5.x86_64.rpm

How to apply:

  1. Copy downloaded rpms to cmi:/var/www/repo/x86_64
  2. Update CMI repo
    [root@cmi ~]# createrepo --update /var/www/repo/x86_64
    
  3. Update DNS/DHCP/NTP node. Either
    1. From CMI front end -> Appliances -> Setup -> Minor packages Upgrade
    2. Or manually:
      [root@dns ~]# yum clean all # (clear yum cache)
      [root@dns ~]# yum -y update bind
      [...]
      
      Complete!
      
      [root@dns yum.repos.d]# rpm -q bind
      bind-9.8.2-0.37.rc1.el6_7.5.x86_64
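
The Signatures list above is in md5sum format, so step 1 can be gated on it. The script below is an added example, not part of the original advisory: it assumes the three Signatures lines were saved verbatim to a manifest file, and the function names verify_manifest and stage_rpms are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original advisory.
# Assumption: MANIFEST holds the three "Signatures" lines verbatim
# (md5sum format: "<md5>  <file>"). Function names are hypothetical.
# An MD5 match shows the download is intact; it is not a cryptographic signature.

# verify_manifest MANIFEST DIR
# Returns 0 only if every listed file exists in DIR and its MD5 matches.
verify_manifest() {
    vm_rc=0
    [ -r "$1" ] || { echo "cannot read manifest: $1" >&2; return 2; }
    while read -r vm_sum vm_name || [ -n "$vm_sum" ]; do
        [ -n "$vm_sum" ] || continue              # skip blank lines
        vm_name=${vm_name#\*}                     # md5sum binary-mode marker
        case $vm_name in
            */*) echo "REJECT   $vm_name (path in manifest)" >&2
                 vm_rc=1; continue ;;
        esac
        if [ ! -f "$2/$vm_name" ]; then
            echo "MISSING  $vm_name" >&2; vm_rc=1; continue
        fi
        vm_actual=$(md5sum "$2/$vm_name" | cut -d' ' -f1)
        if [ "$vm_actual" = "$vm_sum" ]; then
            echo "OK       $vm_name"
        else
            echo "MISMATCH $vm_name" >&2; vm_rc=1
        fi
    done < "$1"
    return "$vm_rc"
}

# stage_rpms MANIFEST SRC_DIR REPO_DIR
# Step 1 of "How to apply", but nothing is copied unless all files verify.
stage_rpms() {
    verify_manifest "$1" "$2" || return 1
    while read -r sr_sum sr_name || [ -n "$sr_sum" ]; do
        [ -n "$sr_sum" ] || continue
        cp -- "$2/${sr_name#\*}" "$3/" || return 1
    done < "$1"
    echo "staged; continue with step 2 (createrepo --update $3)"
}

# Stand-alone use: sh stage.sh MANIFEST SRC_DIR REPO_DIR
if [ "$#" -eq 3 ]; then
    stage_rpms "$@"
fi
```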