Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 437828 (CVE-2012-5166)

Summary: <net-dns/bind-9.9.1_p4: Record Handling Lockup Vulnerability (CVE-2012-5166)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: idl0r
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2012-10-10 12:20:25 UTC
See upstream advisory at $URL for more info
Comment 1 Agostino Sarubbo gentoo-dev 2012-10-10 12:21:43 UTC
@security/maintainer: please double-check if we can move it to C3.
Comment 2 Christian Ruppert (idl0r) archtester Gentoo Infrastructure gentoo-dev Security 2012-10-10 20:12:29 UTC
9.9.1-P4 and 9.9.2 have been added but please stabilize bind-9.9.1_p4 for now.
Comment 3 Sean Amoss (RETIRED) gentoo-dev Security 2012-10-10 21:56:58 UTC
(In reply to comment #2)
> 9.9.1-P4 and 9.9.2 have been added but please stabilize bind-9.9.1_p4 for
> now.

Thanks, Christian.

Arches, please test and mark stable.
Comment 4 Jeroen Roovers gentoo-dev 2012-10-11 13:38:32 UTC
Stable for HPPA.
Comment 5 Andreas Schürch gentoo-dev 2012-10-11 13:56:35 UTC
x86 done.
Comment 6 Agostino Sarubbo gentoo-dev 2012-10-11 14:23:20 UTC
amd64 stable
Comment 7 Anthony Basile gentoo-dev 2012-10-11 22:31:30 UTC
stable ppc ppc64
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2012-10-13 16:59:26 UTC
alpha/arm/ia64/s390/sh/sparc stable
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-10-13 20:43:27 UTC
CVE-2012-5166 (
  ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4,
  and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to
  cause a denial of service (named daemon hang) via unspecified combinations
  of resource records.
Comment 10 Sean Amoss (RETIRED) gentoo-dev Security 2012-10-15 00:57:56 UTC
Thanks, everyone.

GLSA vote: yes.
Comment 11 Stefan Behte (RETIRED) gentoo-dev Security 2012-12-16 21:52:06 UTC
Vote: yes. Added to existing GLSA request.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2014-01-29 22:52:42 UTC
This issue was resolved and addressed in
 GLSA 201401-34 at
by GLSA coordinator Sean Amoss (ackle).