[CESA-2017:1095] The latest version of bind is now available for Red Hat Enterprise Linux 7

CESA-2017:1095

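The latest version of bind is now available for Red Hat Enterprise Linux 7.

The security and quality of Red Hat products have been very well received.

The Vulnerability Scoring System (CVSS) for this latest version strictly classifies the access security of each security hole and delivers detailed reports reliably and safely. Click the links in the References section.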

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name
System (DNS) protocols. BIND includes a DNS server (named); a resolver library
(routines for applications to use when interfacing with DNS); and tools for
verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled a query response
containing CNAME or DNAME resource records in an unusual order. A remote
attacker could use this flaw to make named exit unexpectedly with an assertion
failure via a specially crafted DNS response. (CVE-2017-3137)

* A denial of service flaw was found in the way BIND handled query requests when
using DNS64 with “break-dnssec yes” option. A remote attacker could use this
flaw to make named exit unexpectedly with an assertion failure via a specially
crafted DNS request. (CVE-2017-3136)

Red Hat would like to thank ISC for reporting these issues. Upstream
acknowledges Oleg Gorokhov (Yandex) as the original reporter of CVE-2017-3136.

Bugs Fixed

1441125 – CVE-2017-3136 bind: Incorrect error handling causes assertion failure when using DNS64 with “break-dnssec yes;”
1441133 – CVE-2017-3137 bind: Processing a response containing CNAME or DNAME with unusual order can crash resolver