Oval Definition: oval:com.redhat.rhsa:def:20080533
Revision Date: 2008-07-10
Version: 636
Title: RHSA-2008:0533: bind security update (Important)
Description: ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols.

The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a request. In recent years, a number of papers have found problems with DNS implementations which make it easier for an attacker to perform DNS cache-poisoning attacks.

  • Previous versions of BIND did not use randomized UDP source ports. If an attacker was able to predict the random DNS transaction ID, this could make DNS cache-poisoning attacks easier. In order to provide more resilience, BIND has been updated to use a range of random UDP source ports. (CVE-2008-1447)

    Note: This errata also updates SELinux policy on Red Hat Enterprise Linux 4 and 5 to allow BIND to use random UDP source ports.

    Users of BIND are advised to upgrade to these updated packages, which contain a backported patch to add this functionality.

    Red Hat would like to thank Dan Kaminsky for reporting this issue.
Family: unix
Class: patch
Status:
Reference(s): CVE-2008-1447
    RHSA-2008:0533
    RHSA-2008:0533-02
Platform(s): Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • bind-devel is earlier than 20:9.2.4-22.el3
  • AND bind-devel is signed with Red Hat master key
  • bind is earlier than 20:9.2.4-22.el3
  • AND bind is signed with Red Hat master key
  • bind-libs is earlier than 20:9.2.4-22.el3
  • AND bind-libs is signed with Red Hat master key
  • bind-utils is earlier than 20:9.2.4-22.el3
  • AND bind-utils is signed with Red Hat master key
  • bind-chroot is earlier than 20:9.2.4-22.el3
  • AND bind-chroot is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • bind is earlier than 20:9.2.4-28.0.1.el4
  • AND bind is signed with Red Hat master key
  • bind-libs is earlier than 20:9.2.4-28.0.1.el4
  • AND bind-libs is signed with Red Hat master key
  • bind-devel is earlier than 20:9.2.4-28.0.1.el4
  • AND bind-devel is signed with Red Hat master key
  • bind-chroot is earlier than 20:9.2.4-28.0.1.el4
  • AND bind-chroot is signed with Red Hat master key
  • bind-utils is earlier than 20:9.2.4-28.0.1.el4
  • AND bind-utils is signed with Red Hat master key
  • selinux-policy-targeted is earlier than 0:1.17.30-2.150.el4
  • AND selinux-policy-targeted is signed with Red Hat master key
  • selinux-policy-targeted-sources is earlier than 0:1.17.30-2.150.el4
  • AND selinux-policy-targeted-sources is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • selinux-policy-mls is earlier than 0:2.4.6-137.1.el5_2
  • AND selinux-policy-mls is signed with Red Hat redhatrelease key
  • selinux-policy-targeted is earlier than 0:2.4.6-137.1.el5_2
  • AND selinux-policy-targeted is signed with Red Hat redhatrelease key
  • selinux-policy is earlier than 0:2.4.6-137.1.el5_2
  • AND selinux-policy is signed with Red Hat redhatrelease key
  • selinux-policy-strict is earlier than 0:2.4.6-137.1.el5_2
  • AND selinux-policy-strict is signed with Red Hat redhatrelease key
  • selinux-policy-devel is earlier than 0:2.4.6-137.1.el5_2
  • AND selinux-policy-devel is signed with Red Hat redhatrelease key
  • bind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND bind-devel is signed with Red Hat redhatrelease key
  • bind-sdb is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND bind-sdb is signed with Red Hat redhatrelease key
  • bind-utils is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND bind-utils is signed with Red Hat redhatrelease key
  • bind-libs is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND bind-libs is signed with Red Hat redhatrelease key
  • bind-chroot is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND bind-chroot is signed with Red Hat redhatrelease key
  • bind-libbind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND bind-libbind-devel is signed with Red Hat redhatrelease key
  • bind is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND bind is signed with Red Hat redhatrelease key
  • caching-nameserver is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND caching-nameserver is signed with Red Hat redhatrelease key

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • bind is earlier than 20:9.2.4-28.0.1.el4
  • AND bind is signed with Red Hat redhatrelease2 key
  • bind-chroot is earlier than 20:9.2.4-28.0.1.el4
  • AND bind-chroot is signed with Red Hat redhatrelease2 key
  • bind-devel is earlier than 20:9.2.4-28.0.1.el4
  • AND bind-devel is signed with Red Hat redhatrelease2 key
  • bind-libs is earlier than 20:9.2.4-28.0.1.el4
  • AND bind-libs is signed with Red Hat redhatrelease2 key
  • bind-utils is earlier than 20:9.2.4-28.0.1.el4
  • AND bind-utils is signed with Red Hat redhatrelease2 key
  • selinux-policy-targeted is earlier than 0:1.17.30-2.150.el4
  • AND selinux-policy-targeted is signed with Red Hat redhatrelease2 key
  • selinux-policy-targeted-sources is earlier than 0:1.17.30-2.150.el4
  • AND selinux-policy-targeted-sources is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • selinux-policy is earlier than 0:2.4.6-137.1.el5_2
  • AND selinux-policy is signed with Red Hat redhatrelease2 key
  • selinux-policy-devel is earlier than 0:2.4.6-137.1.el5_2
  • AND selinux-policy-devel is signed with Red Hat redhatrelease2 key
  • selinux-policy-mls is earlier than 0:2.4.6-137.1.el5_2
  • AND selinux-policy-mls is signed with Red Hat redhatrelease2 key
  • selinux-policy-strict is earlier than 0:2.4.6-137.1.el5_2
  • AND selinux-policy-strict is signed with Red Hat redhatrelease2 key
  • selinux-policy-targeted is earlier than 0:2.4.6-137.1.el5_2
  • AND selinux-policy-targeted is signed with Red Hat redhatrelease2 key
  • bind is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND bind is signed with Red Hat redhatrelease2 key
  • bind-chroot is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND bind-chroot is signed with Red Hat redhatrelease2 key
  • bind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND bind-devel is signed with Red Hat redhatrelease2 key
  • bind-libbind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND bind-libbind-devel is signed with Red Hat redhatrelease2 key
  • bind-libs is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND bind-libs is signed with Red Hat redhatrelease2 key
  • bind-sdb is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND bind-sdb is signed with Red Hat redhatrelease2 key
  • bind-utils is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND bind-utils is signed with Red Hat redhatrelease2 key
  • caching-nameserver is earlier than 30:9.3.4-6.0.2.P1.el5_2
  • AND caching-nameserver is signed with Red Hat redhatrelease2 key