From ${URL} : Description A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error when handling regular expressions. This can be exploited to exhaust memory resources and render the server unusable. Please see the vendor's advisory for a list of affected versions. Solution Apply patches or update to a fixed release (please see the vendor's advisory for details). Provided and/or discovered by The vendor credits Matthew Horsfall, Dyn. Original Advisory ISC: https://kb.isc.org/article/AA-00871
9.9.2-P2 has been added.
(In reply to comment #1) > 9.9.2-P2 has been added. Thanks, Christian. Is this ready for stabilization?
(In reply to comment #2) > (In reply to comment #1) > > 9.9.2-P2 has been added. > > Thanks, Christian. Is this ready for stabilization? Yes.
Arches, please test and mark stable: =net-dns/bind-9.9.2_p2 Target KEYWORDS: "alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
amd64 stable
x86 stable
Stable for HPPA.
CVE-2013-2266 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2266): libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
ppc stable
ppc64 stable
alpha stable
arm stable
ia64 stable
sparc stable
s390 stable
sh stable
Added to existing GLSA draft.
This issue was resolved and addressed in GLSA 201401-34 at http://security.gentoo.org/glsa/glsa-201401-34.xml by GLSA coordinator Sean Amoss (ackle).