Description: If a record with RDATA in excess of 65535 bytes is loaded into a nameserver, a subsequent query for that record will cause named to exit with an assertion failure. Please Note: Versions of BIND 9.4 and 9.5 are also affected, but these branches are beyond their "end of life" (EOL) and no longer receive testing or security fixes from ISC. For current information on which versions are actively supported, please see http://www.isc.org/software/bind/versions. Solution: BIND 9 version 9.9.2, 9.9.1-P3
Feel free to stabilize 9.9.1-P3.
Thanks. Arches, please test and mark stable: =net-dns/bind-9.9.1_p3 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
amd64 stable
stable arm ppc ppc64
alpha/arm/ia64/s390/sh/sparc stable and x86 is already stable
CVE-2012-4244 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4244): ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
Stable for HPPA.
Thanks, everyone. GLSA vote: yes.
GLSA Vote: yes, too. Added to existing draft.
This issue was resolved and addressed in GLSA 201209-04 at http://security.gentoo.org/glsa/glsa-201209-04.xml by GLSA coordinator Sean Amoss (ackle).