Summary: | <net-dns/bind-{9.9.3_p2, 9.8.5_p2} A specially crafted query can cause BIND to terminate abnormally (CVE-2013-4854) | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | dwfreed <dwfreed> | ||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | minor | CC: | axiator, hendrik, idl0r, mr.jarry, toto, xmw | ||||||
Priority: | Normal | ||||||||
Version: | unspecified | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
URL: | https://kb.isc.org/article/AA-01015 | ||||||||
Whiteboard: | B3 [glsa] | ||||||||
Package list: | Runtime testing required: | --- | |||||||
Bug Depends on: | |||||||||
Bug Blocks: | 476034 | ||||||||
Attachments: |
|
Description
dwfreed
2013-07-27 05:04:35 UTC
*** Bug 478464 has been marked as a duplicate of this bug. *** Created attachment 354474 [details] ebuild for Bind 9.9.3_p2 Here is an ebuild for Bind 9.9.3_p2; the only change I had to make was to remove the patch for bug 463626 which was added upstream. I built and tested this ebuild using a minimal set of use flags and I also built but did not extensively test a more full-featured build with most of the database backends enabled. Created attachment 354554 [details, diff]
bind-9.9.3_p2.ebuild.patch
Please submit diffs.
Why:
- stable keywords?
- no newstats/ecdsa?
- no systemd unit file?
- no generate-rndc-key.sh?
9.9.3-P2 has been added yesterday. Feel free to stabilize. Arches, please test and mark stable: =net-dns/bind-9.9.3_p2 =net-dns/bind-tools-9.9.3_p2 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86" Stable for HPPA. alpha stable amd64 stable ia64 stable ppc64 stable ppc stable sparc stable x86 stable s390 stable sh stable arm stable GLSA vote: yes CVE-2013-4854 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4854): The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. Added to existing request. This issue was resolved and addressed in GLSA 201401-34 at http://security.gentoo.org/glsa/glsa-201401-34.xml by GLSA coordinator Sean Amoss (ackle). |