rhba-2006_0288
Vulnerability from csaf_redhat
Published
2006-08-09 00:00
Modified
2024-09-15 16:05
Summary
Red Hat Bug Fix Advisory: bind bug fix update
Notes
Topic
Updated bind packages that fix several bugs are now available.
Details
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. The bind package provides a DNS server
(named), which resolves host names to IP addresses, and tools for
control and verification of the DNS server. The bind-libs package
provides the libraries used by the DNS server and bind-utils. The
bind-utils package provides DNS lookup utilities: host(1), dig(1),
and nslookup. The bind-devel package provides header files for
development with the BIND libraries. A default set of DNS server
configuration files is provided by the caching-nameserver package.
This update delivers backports from ISC BIND 9.2.6 to apply these fixes:
- If a lookup for another name server's addresses returned addresses
that were unreachable via local routers, lookups for names in domains
for which that server is authoritative could experience a four second
delay per name not in the cache. No delay is now incurred for addresses
served by servers with unreachable addresses.
- Fixes to named's thread locking logic: This feature in ISC BIND 9.3.0+
was backported and delivered in this update.
- edns-udp-size: Users can now set the maximum size of UDP packets used
for EDNS0 (RFC 2671), to get past routers / firewalls that enforce a
maximum UDP packet size.
Miscellaneous bug fixes, including improved support for custom named.conf
locations, are also delivered in this update.
All BIND users are advised to upgrade to the updated bind packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated bind packages that fix several bugs are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. The bind package provides a DNS server\n(named), which resolves host names to IP addresses, and tools for \ncontrol and verification of the DNS server. The bind-libs package\nprovides the libraries used by the DNS server and bind-utils. The\nbind-utils package provides DNS lookup utilities: host(1), dig(1),\nand nslookup. The bind-devel package provides header files for \ndevelopment with the BIND libraries. A default set of DNS server\nconfiguration files is provided by the caching-nameserver package.\n\nThis update delivers backports from ISC BIND 9.2.6 to apply these fixes:\n\n- If a lookup for another name server\u0027s addresses returned addresses \n that were unreachable via local routers, lookups for names in domains\n for which that server is authoritative could experience a four second\n delay per name not in the cache. No delay is now incurred for addresses\n served by servers with unreachable addresses.\n\n- Fixes to named\u0027s thread locking logic: This feature in ISC BIND 9.3.0+\nwas backported and delivered in this update.\n\n- edns-udp-size: Users can now set the maximum size of UDP packets used \n for EDNS0 (RFC 2671), to get past routers / firewalls that enforce a\n maximum UDP packet size.\n\nMiscellaneous bug fixes, including improved support for custom named.conf\nlocations, are also delivered in this update.\n\nAll BIND users are advised to upgrade to the updated bind packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2006:0288",
"url": "https://access.redhat.com/errata/RHBA-2006:0288"
},
{
"category": "external",
"summary": "167631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=167631"
},
{
"category": "external",
"summary": "169416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=169416"
},
{
"category": "external",
"summary": "170360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=170360"
},
{
"category": "external",
"summary": "173961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=173961"
},
{
"category": "external",
"summary": "174127",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=174127"
},
{
"category": "external",
"summary": "178300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=178300"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2006/rhba-2006_0288.json"
}
],
"title": "Red Hat Bug Fix Advisory: bind bug fix update",
"tracking": {
"current_release_date": "2024-09-15T16:05:54+00:00",
"generator": {
"date": "2024-09-15T16:05:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHBA-2006:0288",
"initial_release_date": "2006-08-09T00:00:00+00:00",
"revision_history": [
{
"date": "2006-08-09T00:00:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2006-08-09T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-15T16:05:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "Red Hat Enterprise Linux AS version 4",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "Red Hat Enterprise Linux Desktop version 4",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "Red Hat Enterprise Linux ES version 4",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "Red Hat Enterprise Linux WS version 4",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-4096",
"discovery_date": "2006-08-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "494543"
}
],
"notes": [
{
"category": "description",
"text": "BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "INSIST failure in ISC BIND recursive query",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect Red Hat Enterprise Linux 2.1",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS version 4",
"Red Hat Enterprise Linux Desktop version 4",
"Red Hat Enterprise Linux ES version 4",
"Red Hat Enterprise Linux WS version 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4096"
},
{
"category": "external",
"summary": "RHBZ#494543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=494543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4096",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4096"
}
],
"release_date": "2006-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS version 4",
"Red Hat Enterprise Linux Desktop version 4",
"Red Hat Enterprise Linux ES version 4",
"Red Hat Enterprise Linux WS version 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2006:0288"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "INSIST failure in ISC BIND recursive query"
}
]
}
Loading...