From Vendor-Sec: NISCC informed me there are some BIND flaws going public on 20050125; they got rated "low" severity however. Contact NISCC as normal for details, vulteam@niscc.gov.uk
vulteam@niscc.gov.uk contacted and replied that more info should be available on Monday.
Selected parts of NISCC mail follow:

Draft NISCC Vulnerability Advisory 731920/NISCC/BIND9

Vulnerability Issues with the BIND 9 Software

Severity
--------
This is rated as low, although if exploited this could potentially result in a denial-of-service.

Summary
-------
A weakness in the self-check function of BIND 9 has been discovered by the Internet Systems Consortium, Inc. (ISC). ISC have solutions available that can rectify these issues, please refer to the 'Solution' section for further information.

Details
-------
CVE ID: CAN-2005-034

An incorrect assumption in the validator can result in an internal consistency test failing and this can cause named to terminate abnormally.

Mitigation
----------
ISC have recommended the following work-around:

- Disable dnssec validation (off by default) at the Options/View level

Solution
--------
ISC have released an updated version of BIND to rectify this issue:

- BIND 9.3.1

This is available from the ISC website at http://www.isc.org/sw/bind/.

Credits
-------
The NISCC Vulnerability Team would like to thank ISC for reporting this issue to NISCC and for their assistance in the handling of this vulnerability.

Contact Information
-------------------
The NISCC Vulnerability Management Team can be contacted as follows:

Email vulteam@niscc.gov.uk
Please quote the advisory reference in the subject line

We encourage those who wish to communicate via email to make use of our PGP key. This is available from http://www.niscc.gov.uk/niscc/publicKey2-en.pop.

C 2005 Crown Copyright
Jeffrey you're still the only daddy in metadata from a few hours ago. A security update to 9.3.1 (9.2.x is unaffected) is needed later today so you better sort out who is going to take care of that.
This one is public now. Jeffrey please bump.
CC'ing potential daddies. Someone please bump.
*** Bug 79688 has been marked as a duplicate of this bug. ***
Security: bind-9.3.0_rc2.ebuild is KEYWORDS="-x86 -ppc -sparc -alpha -hppa -amd64 -ia64". 9.3.1 is available only as beta2 at the moment (which I'm working on putting into the tree with the same keywords as above).
Thx Robin.
Bind 9.3.1_beta2 in the tree now.
Closing without GLSA.
Since 9.3.1 final has been released, why isn't there an ebuild yet? btw. there is a new release of dhcpd too.