-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: bind security and bug fix update Advisory ID: RHSA-2020:1061-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1061 Issue date: 2020-03-31 CVE Names: CVE-2018-5745 CVE-2019-6465 CVE-2019-6477 ==================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: TCP Pipelining doesn't limit TCP clients on a single connection (CVE-2019-6477) * bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745) * bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1679303 - CVE-2018-5745 bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys 1679304 - CVE-2019-6465 bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable 1743572 - nslookup doesn't try to search the search in /etc/resolv.conf 1753259 - Regression: BIND 9.11 listens on [::]:53 even it isn't configured to do so 1773617 - CVE-2019-6477 bind: TCP Pipelining doesn't limit TCP clients on a single connection 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: bind-9.11.4-16.P2.el7.src.rpm noarch: bind-license-9.11.4-16.P2.el7.noarch.rpm x86_64: bind-debuginfo-9.11.4-16.P2.el7.i686.rpm bind-debuginfo-9.11.4-16.P2.el7.x86_64.rpm bind-export-libs-9.11.4-16.P2.el7.i686.rpm bind-export-libs-9.11.4-16.P2.el7.x86_64.rpm bind-libs-9.11.4-16.P2.el7.i686.rpm bind-libs-9.11.4-16.P2.el7.x86_64.rpm bind-libs-lite-9.11.4-16.P2.el7.i686.rpm bind-libs-lite-9.11.4-16.P2.el7.x86_64.rpm bind-utils-9.11.4-16.P2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bind-9.11.4-16.P2.el7.x86_64.rpm bind-chroot-9.11.4-16.P2.el7.x86_64.rpm bind-debuginfo-9.11.4-16.P2.el7.i686.rpm bind-debuginfo-9.11.4-16.P2.el7.x86_64.rpm bind-devel-9.11.4-16.P2.el7.i686.rpm bind-devel-9.11.4-16.P2.el7.x86_64.rpm bind-export-devel-9.11.4-16.P2.el7.i686.rpm bind-export-devel-9.11.4-16.P2.el7.x86_64.rpm bind-lite-devel-9.11.4-16.P2.el7.i686.rpm bind-lite-devel-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-devel-9.11.4-16.P2.el7.i686.rpm bind-pkcs11-devel-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-libs-9.11.4-16.P2.el7.i686.rpm bind-pkcs11-libs-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-utils-9.11.4-16.P2.el7.x86_64.rpm bind-sdb-9.11.4-16.P2.el7.x86_64.rpm bind-sdb-chroot-9.11.4-16.P2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: bind-9.11.4-16.P2.el7.src.rpm noarch: bind-license-9.11.4-16.P2.el7.noarch.rpm x86_64: bind-debuginfo-9.11.4-16.P2.el7.i686.rpm bind-debuginfo-9.11.4-16.P2.el7.x86_64.rpm bind-export-libs-9.11.4-16.P2.el7.i686.rpm bind-export-libs-9.11.4-16.P2.el7.x86_64.rpm bind-libs-9.11.4-16.P2.el7.i686.rpm bind-libs-9.11.4-16.P2.el7.x86_64.rpm bind-libs-lite-9.11.4-16.P2.el7.i686.rpm bind-libs-lite-9.11.4-16.P2.el7.x86_64.rpm bind-utils-9.11.4-16.P2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bind-9.11.4-16.P2.el7.x86_64.rpm bind-chroot-9.11.4-16.P2.el7.x86_64.rpm bind-debuginfo-9.11.4-16.P2.el7.i686.rpm bind-debuginfo-9.11.4-16.P2.el7.x86_64.rpm bind-devel-9.11.4-16.P2.el7.i686.rpm bind-devel-9.11.4-16.P2.el7.x86_64.rpm bind-export-devel-9.11.4-16.P2.el7.i686.rpm bind-export-devel-9.11.4-16.P2.el7.x86_64.rpm bind-lite-devel-9.11.4-16.P2.el7.i686.rpm bind-lite-devel-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-devel-9.11.4-16.P2.el7.i686.rpm bind-pkcs11-devel-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-libs-9.11.4-16.P2.el7.i686.rpm bind-pkcs11-libs-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-utils-9.11.4-16.P2.el7.x86_64.rpm bind-sdb-9.11.4-16.P2.el7.x86_64.rpm bind-sdb-chroot-9.11.4-16.P2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: bind-9.11.4-16.P2.el7.src.rpm noarch: bind-license-9.11.4-16.P2.el7.noarch.rpm ppc64: bind-9.11.4-16.P2.el7.ppc64.rpm bind-chroot-9.11.4-16.P2.el7.ppc64.rpm bind-debuginfo-9.11.4-16.P2.el7.ppc.rpm bind-debuginfo-9.11.4-16.P2.el7.ppc64.rpm bind-export-libs-9.11.4-16.P2.el7.ppc.rpm bind-export-libs-9.11.4-16.P2.el7.ppc64.rpm bind-libs-9.11.4-16.P2.el7.ppc.rpm bind-libs-9.11.4-16.P2.el7.ppc64.rpm bind-libs-lite-9.11.4-16.P2.el7.ppc.rpm bind-libs-lite-9.11.4-16.P2.el7.ppc64.rpm bind-pkcs11-9.11.4-16.P2.el7.ppc64.rpm bind-pkcs11-libs-9.11.4-16.P2.el7.ppc.rpm bind-pkcs11-libs-9.11.4-16.P2.el7.ppc64.rpm bind-pkcs11-utils-9.11.4-16.P2.el7.ppc64.rpm bind-utils-9.11.4-16.P2.el7.ppc64.rpm ppc64le: bind-9.11.4-16.P2.el7.ppc64le.rpm bind-chroot-9.11.4-16.P2.el7.ppc64le.rpm bind-debuginfo-9.11.4-16.P2.el7.ppc64le.rpm bind-export-libs-9.11.4-16.P2.el7.ppc64le.rpm bind-libs-9.11.4-16.P2.el7.ppc64le.rpm bind-libs-lite-9.11.4-16.P2.el7.ppc64le.rpm bind-pkcs11-9.11.4-16.P2.el7.ppc64le.rpm bind-pkcs11-libs-9.11.4-16.P2.el7.ppc64le.rpm bind-pkcs11-utils-9.11.4-16.P2.el7.ppc64le.rpm bind-utils-9.11.4-16.P2.el7.ppc64le.rpm s390x: bind-9.11.4-16.P2.el7.s390x.rpm bind-chroot-9.11.4-16.P2.el7.s390x.rpm bind-debuginfo-9.11.4-16.P2.el7.s390.rpm bind-debuginfo-9.11.4-16.P2.el7.s390x.rpm bind-export-libs-9.11.4-16.P2.el7.s390.rpm bind-export-libs-9.11.4-16.P2.el7.s390x.rpm bind-libs-9.11.4-16.P2.el7.s390.rpm bind-libs-9.11.4-16.P2.el7.s390x.rpm bind-libs-lite-9.11.4-16.P2.el7.s390.rpm bind-libs-lite-9.11.4-16.P2.el7.s390x.rpm bind-pkcs11-9.11.4-16.P2.el7.s390x.rpm bind-pkcs11-libs-9.11.4-16.P2.el7.s390.rpm bind-pkcs11-libs-9.11.4-16.P2.el7.s390x.rpm bind-pkcs11-utils-9.11.4-16.P2.el7.s390x.rpm bind-utils-9.11.4-16.P2.el7.s390x.rpm x86_64: bind-9.11.4-16.P2.el7.x86_64.rpm bind-chroot-9.11.4-16.P2.el7.x86_64.rpm bind-debuginfo-9.11.4-16.P2.el7.i686.rpm bind-debuginfo-9.11.4-16.P2.el7.x86_64.rpm bind-export-libs-9.11.4-16.P2.el7.i686.rpm bind-export-libs-9.11.4-16.P2.el7.x86_64.rpm bind-libs-9.11.4-16.P2.el7.i686.rpm bind-libs-9.11.4-16.P2.el7.x86_64.rpm bind-libs-lite-9.11.4-16.P2.el7.i686.rpm bind-libs-lite-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-libs-9.11.4-16.P2.el7.i686.rpm bind-pkcs11-libs-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-utils-9.11.4-16.P2.el7.x86_64.rpm bind-utils-9.11.4-16.P2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bind-debuginfo-9.11.4-16.P2.el7.ppc.rpm bind-debuginfo-9.11.4-16.P2.el7.ppc64.rpm bind-devel-9.11.4-16.P2.el7.ppc.rpm bind-devel-9.11.4-16.P2.el7.ppc64.rpm bind-export-devel-9.11.4-16.P2.el7.ppc.rpm bind-export-devel-9.11.4-16.P2.el7.ppc64.rpm bind-lite-devel-9.11.4-16.P2.el7.ppc.rpm bind-lite-devel-9.11.4-16.P2.el7.ppc64.rpm bind-pkcs11-devel-9.11.4-16.P2.el7.ppc.rpm bind-pkcs11-devel-9.11.4-16.P2.el7.ppc64.rpm bind-sdb-9.11.4-16.P2.el7.ppc64.rpm bind-sdb-chroot-9.11.4-16.P2.el7.ppc64.rpm ppc64le: bind-debuginfo-9.11.4-16.P2.el7.ppc64le.rpm bind-devel-9.11.4-16.P2.el7.ppc64le.rpm bind-export-devel-9.11.4-16.P2.el7.ppc64le.rpm bind-lite-devel-9.11.4-16.P2.el7.ppc64le.rpm bind-pkcs11-devel-9.11.4-16.P2.el7.ppc64le.rpm bind-sdb-9.11.4-16.P2.el7.ppc64le.rpm bind-sdb-chroot-9.11.4-16.P2.el7.ppc64le.rpm s390x: bind-debuginfo-9.11.4-16.P2.el7.s390.rpm bind-debuginfo-9.11.4-16.P2.el7.s390x.rpm bind-devel-9.11.4-16.P2.el7.s390.rpm bind-devel-9.11.4-16.P2.el7.s390x.rpm bind-export-devel-9.11.4-16.P2.el7.s390.rpm bind-export-devel-9.11.4-16.P2.el7.s390x.rpm bind-lite-devel-9.11.4-16.P2.el7.s390.rpm bind-lite-devel-9.11.4-16.P2.el7.s390x.rpm bind-pkcs11-devel-9.11.4-16.P2.el7.s390.rpm bind-pkcs11-devel-9.11.4-16.P2.el7.s390x.rpm bind-sdb-9.11.4-16.P2.el7.s390x.rpm bind-sdb-chroot-9.11.4-16.P2.el7.s390x.rpm x86_64: bind-debuginfo-9.11.4-16.P2.el7.i686.rpm bind-debuginfo-9.11.4-16.P2.el7.x86_64.rpm bind-devel-9.11.4-16.P2.el7.i686.rpm bind-devel-9.11.4-16.P2.el7.x86_64.rpm bind-export-devel-9.11.4-16.P2.el7.i686.rpm bind-export-devel-9.11.4-16.P2.el7.x86_64.rpm bind-lite-devel-9.11.4-16.P2.el7.i686.rpm bind-lite-devel-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-devel-9.11.4-16.P2.el7.i686.rpm bind-pkcs11-devel-9.11.4-16.P2.el7.x86_64.rpm bind-sdb-9.11.4-16.P2.el7.x86_64.rpm bind-sdb-chroot-9.11.4-16.P2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: bind-9.11.4-16.P2.el7.src.rpm noarch: bind-license-9.11.4-16.P2.el7.noarch.rpm x86_64: bind-9.11.4-16.P2.el7.x86_64.rpm bind-chroot-9.11.4-16.P2.el7.x86_64.rpm bind-debuginfo-9.11.4-16.P2.el7.i686.rpm bind-debuginfo-9.11.4-16.P2.el7.x86_64.rpm bind-export-libs-9.11.4-16.P2.el7.i686.rpm bind-export-libs-9.11.4-16.P2.el7.x86_64.rpm bind-libs-9.11.4-16.P2.el7.i686.rpm bind-libs-9.11.4-16.P2.el7.x86_64.rpm bind-libs-lite-9.11.4-16.P2.el7.i686.rpm bind-libs-lite-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-libs-9.11.4-16.P2.el7.i686.rpm bind-pkcs11-libs-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-utils-9.11.4-16.P2.el7.x86_64.rpm bind-utils-9.11.4-16.P2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bind-debuginfo-9.11.4-16.P2.el7.i686.rpm bind-debuginfo-9.11.4-16.P2.el7.x86_64.rpm bind-devel-9.11.4-16.P2.el7.i686.rpm bind-devel-9.11.4-16.P2.el7.x86_64.rpm bind-export-devel-9.11.4-16.P2.el7.i686.rpm bind-export-devel-9.11.4-16.P2.el7.x86_64.rpm bind-lite-devel-9.11.4-16.P2.el7.i686.rpm bind-lite-devel-9.11.4-16.P2.el7.x86_64.rpm bind-pkcs11-devel-9.11.4-16.P2.el7.i686.rpm bind-pkcs11-devel-9.11.4-16.P2.el7.x86_64.rpm bind-sdb-9.11.4-16.P2.el7.x86_64.rpm bind-sdb-chroot-9.11.4-16.P2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-5745 https://access.redhat.com/security/cve/CVE-2019-6465 https://access.redhat.com/security/cve/CVE-2019-6477 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXoObstzjgjWX9erEAQi6Zw/+N8OxJdjKTWJD7rBcm1YTg8qqYosb7QSr 2IPsHa1ZAoeCe/bI5fTrdpV0k4csmok4hqDBKWI8COYNgapgkYY9MP9eANiN7kXR FWyruguFjWKRAKQ4Vn7uKnNQ50KKyoW35E/45h3iTsP2b0f2BuAK4wuUKcxWpXj5 AnMCwOWt4NvuplkQlQUZPWKopMF68cNx0aUGKSs2Yqnp3BZFiJw0IrV/8iiUgAOj ssKbOhfrrmOSlgjgSs+Dylg8x6gPyEjj99LbYYSQmn1Gt51wo9/czmMeIWLzJnSx 1yhd+BVTR7W+fnK8e6BuskEni7biO0Lk1uFc8XrlZw8X87BtPry1yF+VJpjx6JtD dEWf5xoaL4rUTSclWi/b9mQDgDBLebBucM8O7eBL01aBh/+HOX5dNSrzwHJQ80Pz to3UpLdVMPffEf/nzvIQGcnSHfpjPkLAxIeRjmSjCvMmqG3ykm44I4whFxXBJLTm d+1EaHUDuBBKzSYX+jfC1akuXSjHCgc7MG2l4k0xV3SQkW39H9RU/RNJde+y7CTe fIuMuWiGAwl8MKzdQvSei/AzHPLAkI7FnU3+rCTzN//uFju8UAlP2JBkfVCKSx+p MjuQTSSleiaDem/jGQ6GZOzUoD7ZN/x8CVSauKhQIs/Xit9t2HZAgW9w74KWUiLK Yn4aZhP9q28=jTZM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce