An update for bind is now available for Red Hat Enterprise Linux 6.2 AdvancedUpdate Support.Red Hat Product Security has rated this update as having a security impact ofImportant.

A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain NameSystem (DNS) protocols.

BIND includes a DNS server (named); a resolver library(routines for applications to use when interfacing with DNS); and tools forverifying that the DNS server is operating correctly.Security Fix(es):* A denial of service flaw was found in the way BIND parsed signature recordsfor DNAME records.

By sending a specially crafted query, a remote attacker coulduse this flaw to cause named to crash. (CVE-2016-1286)* A denial of service flaw was found in the way BIND processed certain controlchannel input.

A remote attacker able to send a malformed packet to the controlchannel could use this flaw to cause named to crash. (CVE-2016-1285)Red Hat would like to thank ISC for reporting these issues.
For details on how to apply this update, which includes the changes described inthis advisory, refer to: installing the update, the BIND daemon (named) will be restartedautomatically.Red Hat Enterprise Linux Server AUS (v. 6.2)

    MD5: 1b36d734a9a809d59b60ec408cdc3c1aSHA-256: da76575695fc795579a8b408d61a2e9279b7df46b5e5c2be0362f0c01572df20
    MD5: cff3577fb487a36ac72390edf72b1fa4SHA-256: 4384590017bb54f463d376f9c220db727403c87e331a5da409000b8d53d20ffe
    MD5: 0c94201ccf6780c26bdd0369e69c0590SHA-256: e73985fcfd7fec874355d0ac96e31d966ba21e43619be8a02eb99cceb53bc167
    MD5: 24eadebdf4e2ad8ac5286a615908c01aSHA-256: 36a628a392d58d299e97a3ceefedd64789fd95ab3e2f44b5ce4fe0d08ca6c20f
    MD5: 364b4357535f7ddd0591188c3a9770fbSHA-256: a4886971b0a14d0be4ed05d3a8aeb0c85f534cc13840efa6752bd159bb14c210
    MD5: 1d160fe9615a56ea3a19f1a1cbb88494SHA-256: 219a7e29d8ce953e5f4d3e636024f18ead3ce33434f694d98bc93ebd1ea51c05
    MD5: 2ed4795ce3299c966556a8900dcfb374SHA-256: c19c2235512a92f6c12cb93aab65958424b1edeff7985a9f07d0a21c3869236e
    MD5: aedaaa5de15039f8de5c10888d011339SHA-256: be72a9e47523494f576be73bce26c2ba756aeb0aaf04e95daeaa9ffca1f3a9d5
    MD5: 3c6a1e8b45eeac90af86d3c867ac2410SHA-256: 2c6ee42df1b7c1f1af3f9c301a0023d951c205a37d471ce019550dc1bd85b894
    MD5: 798ec45dd49a57113ecbdf3b195802c3SHA-256: 5b809b4cd7d0c917fbd3b76011511ae42e49d1e2a89ab4d52cb578ac6453ed69
    MD5: c26dd66a0a548ccd01a345223f9c72d8SHA-256: d2be5f25c293acb4d8ac2c4bfe57a944b3f28e42227b370bf8cdbba30cc38b04
(The unlinked packages above are only available from the Red Hat Network)

1315674 – CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure1315680 – CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: