Summary: | <net-dns/bind-9.8.3_p1 : Handling of zero length rdata can cause named to terminate unexpectedly (CVE-2012-1667) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christian Ruppert (idl0r) <idl0r> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | barzog, hanno |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.isc.org/software/bind/advisories/cve-2012-1667 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Christian Ruppert (idl0r)
2012-06-04 17:09:24 UTC
Thanks for the report, can we go ahead and stabilize 9.8.3-P1 or needs more testing? (In reply to comment #1) > Thanks for the report, can we go ahead and stabilize 9.8.3-P1 or needs more > testing? Go ahead. Arches, please test and mark stable: =net-dns/bind-9.8.3-p1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86" (In reply to comment #3) > =net-dns/bind-9.8.3-p1 Arches, please test and mark stable: =net-dns/bind-9.8.3_p1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86" Stable for HPPA. ppc done amd64 stable x86 stable, thanks CVE-2012-1667 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1667): ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. alpha/ia64/m68k/s390/sh/sparc stable Adding to existing GLSA draft with 427966. If there are any objections, feel free to delete from the draft. This issue was resolved and addressed in GLSA 201209-04 at http://security.gentoo.org/glsa/glsa-201209-04.xml by GLSA coordinator Sean Amoss (ackle). |