RHSA-2012:1122: bind97 security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | July 25, 2012 | August 05, 2012 | July 04, 2017 |
Description
The Berkeley Internet Name Domain (BIND) is an implementation of the DomainName System (DNS) protocols. BIND includes a DNS server (named); a resolverlibrary (routines for applications to use when interfacing with DNS); andtools for verifying that the DNS server is operating correctly.An uninitialized data structure use flaw was found in BIND when DNSSECvalidation was enabled. A remote attacker able to send a large number ofqueries to a DNSSEC validating BIND resolver could use this flaw to causeit to exit unexpectedly with an assertion failure. (CVE-2012-3817)Users of bind97 are advised to upgrade to these updated packages, whichcorrect this issue. After installing the update, the BIND daemon (named)will be restarted automatically.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
redhat-upgrade-bind97Related Vulnerabilities
- HP-UX: CVE-2012-3817: Running BIND, Remote Denial of Service (DoS), Authentication Bypass
- USN-1518-1: Bind vulnerability
- ELSA-2013-0550 Moderate: Oracle Linux bind security and enhancement update
- ELSA-2012-1123 Important: Oracle Linux bind security update
- FreeBSD: dns/bind9* -- Heavy DNSSEC Validation Load Can Cause a 'Bad Cache' Assertion Failure (CVE-2012-3817)
- Amazon Linux AMI: Security patch for bind (ALAS-2012-113) (CVE-2012-3817)
- VMSA-2012-0016: Update to ESX service console bind packages (CVE-2012-3817)
- Alpine Linux: CVE-2012-3817: Vulnerability in bind < [9.9.1-P2|9.8.3-P2|9.7.6-P2] may allow remote denial of service
- FreeBSD: FreeBSD -- named(8) DNSSEC validation Denial of Service (FreeBSD-SA-12:05.bind) (CVE-2012-3817)
- Gentoo Linux: CVE-2012-3817: BIND: Multiple vulnerabilities
- DSA-2517-1 bind9 -- denial of service
- Sun Patch: SunOS 5.10: BIND patch
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
- Sun Patch: SunOS 5.9: in.dhcpd libresolv and BIND9 patch
- SUSE Linux Security Vulnerability: CVE-2012-3817
- RHSA-2012:1123: bind security update
- ELSA-2012-1122 Important: Oracle Linux bind97 security update
- Sun Patch: SunOS 5.10_x86: BIND patch
- Oracle Solaris 11: CVE-2012-3817: Vulnerability in Bind
- OS X update for Bind (CVE-2012-3817)
- ELSA-2014-1984 Important: Oracle Linux bind security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 3
- OS X update for Apache (CVE-2012-3817)
- Sun Patch: SunOS 5.9_x86: in.dhcpd libresolv and BIND9 patch
- ISC BIND: Heavy DNSSEC Validation Load Can Cause a "Bad Cache" Assertion Failure in BIND9 (CVE-2012-3817)