Project

General

Profile

New bind packages fix CVE-2016-2848

CVE-2016-2848 bind: Denial of service

Problem Description

  • A denial of service flaw was found in the way BIND handled packets with
    malformed options. A remote attacker could use this flaw to make named exit
    unexpectedly with an assertion failure via a specially crafted DNS packet.
    (CVE-2016-2848)

Anouncement

Fix

Solution:

upgrade with bind-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm package from viapps repo.
upgrade with bind-libs-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm package from viapps repo.
upgrade with bind-utils-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm package from viapps repo.

Signatures

d23bc7a10139b0f19dc59a64270b0e4a  bind-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
459b8c09ec16ea7c158cd17fd839d471  bind-chroot-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
83e4a116abc649efb454498fb01b1a37  bind-devel-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
6abd57dd07d31765f873bc7c8dc0bf4a  bind-libs-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
2719e72958621a9f1c69b8835191dca2  bind-sdb-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
6630680f287b1d4692637588ca42a5de  bind-utils-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm

How to apply:

  1. Copy downloaded rpms to cmi:/var/www/repo/x86_64
  2. Update CMI repo
    [root@cmi ~] createrepo --update /var/www/repo/x86_64
    
  3. Update DNS/DHCP/NTP node. Either
    1. From CMI front end -> Appliances -> Setup -> Minor packages Upgrade
    2. Or manually:
      [root@dns ~] yum clean all # (clear yum cache)
      [root@dns ~] yum -y update bind
      [...]
      
      Complete!
      
      [root@dns yum.repos.d]# rpm -q bind
      bind-9.8.2-0.47.rc1.el6_8.2.x86_64