| Description: | Description:
The remote host is missing updates announced in
advisory RHSA-2010:0975.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named)
a resolver
library (routines for applications to use when interfacing with DNS)
and
tools for verifying that the DNS server is operating correctly.
It was discovered that named did not invalidate previously cached RRSIG
records when adding an NCACHE record for the same entry to the cache. A
remote attacker allowed to send recursive DNS queries to named could use
this flaw to crash named. (CVE-2010-3613)
It was discovered that, in certain cases, named did not properly perform
DNSSEC validation of an NS RRset for zones in the middle of a DNSKEY
algorithm rollover. This flaw could cause the validator to incorrectly
determine that the zone is insecure and not protected by DNSSEC.
(CVE-2010-3614)
All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2010-0975.html
Risk factor : High
CVSS Score:
6.4
|
