Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 499074

Summary: net-dns/bind-9.9.4_p1 update request to _p2 (DoS vulnerability, CVE-2014-0591)
Product: Gentoo Linux Reporter: Mark (voidzero) <mark>
Component: Current packagesAssignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED DUPLICATE    
Severity: critical CC: alex_y_xu
Priority: Normal Keywords: Bug, EBUILD, SECURITY
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://kb.isc.org/article/AA-01078/0
Whiteboard:
Package list:
Runtime testing required: ---

Description Mark (voidzero) 2014-01-23 20:33:18 UTC
I am affected by the following problems:

CVE-2014-0591: "A Crafted Query Against an NSEC3-signed Zone Can Crash BIND"
https://kb.isc.org/article/AA-01078/0

The crashes, in my case occur due to glibc 2.18 but there are also problems that are unrelated to the glibc version being used.

In my case the problem is described here:
CVE-2014-0591 FAQ and addendum
https://kb.isc.org/article/AA-01085

Please update to 9.9.4_p2 at the earliest convenience. Thank you.
Comment 1 Alex Xu (Hello71) 2014-01-23 21:13:25 UTC

*** This bug has been marked as a duplicate of bug 498016 ***