Summary: | <net-dns/bind-9.10.2_p4: Denial of Service due to issue with Trust Anchor Management (CVE-2015-1349) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Marc Schiffbauer <mschiff> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | idl0r |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://kb.isc.org/article/AA-01235/0/CVE-2015-1349%3A-A-Problem-with-Trust-Anchor-Management-Can-Cause-named-to-Crash.html | | |
Whiteboard: | A3 [glsa cve] | | |
Package list: | | Runtime testing required: | --- |
Description
Marc Schiffbauer
2015-02-19 11:29:38 UTC
Seems like net-dns/bind is pretty much unmaintained... Gentoo has had only these vulnerable versions in tree for weeks now :-/

@idl0r: Ping? Are you too busy? Or not interested in net-dns/bind anymore?

CVE-2015-1349 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1349): named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

This issue was resolved and addressed in GLSA 201510-01 at https://security.gentoo.org/glsa/201510-01 by GLSA coordinator Mikle Kolyada (Zlogene).
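As an added example (not part of this bug report, and not Gentoo or ISC tooling), the two conditions in the CVE-2015-1349 text above can be turned into a triage check: is the installed release inside the affected ranges, and does the configuration use managed keys. The function names, the sample configuration and the `named.conf` heuristic (treating a `managed-keys { ... }` clause, `dnssec-validation auto;` or `dnssec-lookaside auto;` as enabling the feature) are assumptions of this example.

```python
import re

# Ranges from the CVE-2015-1349 text: (first affected, first fixed) as
# (major, minor, patch, P-level) tuples.
AFFECTED = [
    ((9, 7, 0, 0), (9, 9, 6, 2)),    # 9.7.0 through 9.9.6, before 9.9.6-P2
    ((9, 10, 0, 0), (9, 10, 1, 2)),  # 9.10.x before 9.10.1-P2
]
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(?:-P|_p)(\d+))?$")

def parse_bind_version(text):
    """Parse upstream ('9.9.6-P1') or Gentoo ('9.10.2_p4') release strings."""
    m = VERSION_RE.match(text.strip())
    if not m:  # alphas, betas, release candidates etc. are out of scope here
        raise ValueError("unsupported version string: %r" % text)
    return tuple(int(g or 0) for g in m.groups())

def version_affected(text):
    v = parse_bind_version(text)
    return any(first <= v < fixed for first, fixed in AFFECTED)

def uses_managed_keys(conf):
    """Heuristic (assumption): explicit managed-keys clause or an 'auto' setting."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)  # /* block */ comments
    conf = re.sub(r"(//|#).*", "", conf)               # // and # line comments
    explicit = re.search(r"\bmanaged-keys\s*\{", conf)
    implicit = re.search(r"\bdnssec-(validation|lookaside)\s+auto\s*;", conf)
    return bool(explicit or implicit)

def exposed(version, conf):
    """True only when both conditions named in the CVE text hold."""
    return version_affected(version) and uses_managed_keys(conf)

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """
options {
    directory "/var/bind";
    // dnssec-validation yes;
    dnssec-validation auto;   # root trust anchor maintained automatically
    managed-keys-directory "/var/bind/dyn";
};
"""

if __name__ == "__main__":
    for ver in ("9.9.6-P1", "9.9.6-P2", "9.10.1-P1", "9.10.2_p4"):
        print(ver, "exposed" if exposed(ver, SAMPLE_CONF) else "not exposed")
```

The comment stripping is line-based and does not understand quoted strings, so a `//` or `#` inside a quoted value would be truncated; for triage of typical `named.conf` files that is acceptable.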