--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-c0f12f789e
2018-07-31 17:09:33.504439
--------------------------------------------------------------------------------
Name : bind
Product : Fedora 27
Version : 9.11.4
Release : 1.fc27
URL :
http://www.isc.org/products/BIND/
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
--------------------------------------------------------------------------------
Update Information:
Update to bind 9.11.4 ---- - Fix CVE-2018-5738 - Remove named.iscdlv.key -
Make home writeable - Use invalid shell /bin/false for bind
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 12 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.4-1
- Update to 9.11.4
* Thu Jul 12 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.3-7
- Use new config file named-chroot.files for chroot setup (#1429656)
- Fix chroot devices file verification (#1592873)
- Prevent errors on bind-chroot uninstall when running (#1600583)
* Wed Jun 27 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.3-6
- Require utils instead of library
* Fri May 25 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.3-5
- Remove named.iscdlv.key file (#1595782)
- Fix CVE-2018-5738
- Make named home writeable (#1422680)
- Change named shell to /bin/false
* Thu Apr 5 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.3-4
- Do not link libidn2 to all libraries (#1098783)
- Update named.ca
* Tue Apr 3 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.3-3
- Enable libidn2 support (#1098783)
- Make +noidnout default
* Wed Mar 21 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.3-2
- Rebase to 9.11.3
- Add dig support for libidn2 (#1098783)
* Thu Feb 15 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.3-1.b1
- Rebase to 9.11.3b1
* Thu Jan 18 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.2-1.P1
- Fix CVE-2017-3145, rebase to 9.11.2-P1
* Wed Jan 10 2018 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.1-10.P3
- Proper fix for python3-bind subpackage directory ownership (#1522944)
* Fri Dec 15 2017 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.1-9.P3
- Own python3-bind isc directory (#1522944)
- Make tsstsig system test pass again (#1500017)
* Mon Oct 23 2017 Petr Men����k <pemensik(a)redhat.com> - 32:9.11.1-8.P3
- Include DNSKEY 20326 also in trusted-key.key (#1505476)
- Fix dynamic symbols conflict with ldap (#1205168)
- Use hmac-sha256 for new RNDC keys (#1508003)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1589616 - CVE-2018-5738 bind: Improper handling of configuration allows all
clients to perform recursive queries
https://bugzilla.redhat.com/show_bug.cgi?id=1589616
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-c0f12f789e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------