FYI, I spun new rpms for our bind servers yesterday but have not applied the upgrade yet. They've got config in them and I'm not 100% what state Augie left them in and didn't want to delve into that yesterday. Should the servers start crashing we can replace the bind binary at the very least until I have a chance to review the config. I don't like how he set these servers up anyway and wanted to rework them.
But, I'm just going to push new binary now to buy some more time on that. On Tue, Jul 30, 2013 at 02:04:46PM +0000, Pat Riehecky wrote: > Synopsis: Important: bind97 security update > Advisory ID: SLSA-2013:1115-1 > Issue Date: 2013-07-30 > CVE Numbers: CVE-2013-4854 > -- > > A denial of service flaw was found in BIND. A remote attacker could use > this flaw to send a specially-crafted DNS query to named that, when > processed, would cause named to crash when rejecting the malformed query. > (CVE-2013-4854) > > After installing the update, the BIND daemon (named) will be restarted > automatically. > -- > > SL5 > x86_64 > bind97-9.7.0-17.P2.el5_9.2.x86_64.rpm > bind97-chroot-9.7.0-17.P2.el5_9.2.x86_64.rpm > bind97-debuginfo-9.7.0-17.P2.el5_9.2.i386.rpm > bind97-debuginfo-9.7.0-17.P2.el5_9.2.x86_64.rpm > bind97-devel-9.7.0-17.P2.el5_9.2.i386.rpm > bind97-devel-9.7.0-17.P2.el5_9.2.x86_64.rpm > bind97-libs-9.7.0-17.P2.el5_9.2.i386.rpm > bind97-libs-9.7.0-17.P2.el5_9.2.x86_64.rpm > bind97-utils-9.7.0-17.P2.el5_9.2.x86_64.rpm > i386 > bind97-9.7.0-17.P2.el5_9.2.i386.rpm > bind97-chroot-9.7.0-17.P2.el5_9.2.i386.rpm > bind97-debuginfo-9.7.0-17.P2.el5_9.2.i386.rpm > bind97-devel-9.7.0-17.P2.el5_9.2.i386.rpm > bind97-libs-9.7.0-17.P2.el5_9.2.i386.rpm > bind97-utils-9.7.0-17.P2.el5_9.2.i386.rpm > > - Scientific Linux Development Team > -- Kelsey Cummings - [email protected] sonic.net, inc. System Architect 2260 Apollo Way 707.522.1000 Santa Rosa, CA 95407
