From $URL : Description A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the DNS64 IPv6 transition mechanism when handling certain queries, which can be exploited to trigger a REQUIRE assertion and crash the server via a specially crafted DNS query. Successful exploitation requires that DNS64 is turned on. The vulnerability is reported in versions 9.8.0 through 9.8.4 and 9.9.0 through 9.9.2. Solution Update to version 9.8.4-P1 or 9.9.2-P1.
net-dns/bind-9.9.2_p1 is in the tree. Feel free to stabilize it.
CVE-2012-5688 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5688): ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
(In reply to comment #1) > net-dns/bind-9.9.2_p1 is in the tree. Feel free to stabilize it. Thanks, Christian. Arches, please test and mark stable. =net-dns/bind-9.9.2_p1 Target KEYWORDS: "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
*** Bug 445924 has been marked as a duplicate of this bug. ***
amd64 stable
Stable for HPPA.
x86 stable
ppc stable
ppc64 stable
ia64 stable
sparc stable
alpha stable
arm stable
s390/sh stable
Thanks, everyone. GLSA vote: yes.
Thanks, folks. GLSA Vote: yes, too. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201401-34 at http://security.gentoo.org/glsa/glsa-201401-34.xml by GLSA coordinator Sean Amoss (ackle).
