
Bug 553584 (CVE-2015-4620)

Summary: <net-dns/bind-9.10.2_p2: Denial of Service via specially constructed zone data (CVE-2015-4620)
Product: Gentoo Security
Reporter: Tobias Heinlein (RETIRED) <keytoaster>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: idl0r
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A3 [glsa cve]
Package list:
Runtime testing required: ---
Attachments: bind9-patch-CVE-2015-4620 (flags: none)

Description Tobias Heinlein (RETIRED) gentoo-dev 2015-06-29 19:11:34 UTC
ISC is planning on announcing a vulnerability tomorrow (2015-06-30)
around 1000 PDT (1700 UTC).

  CVE-2015-4620: Specially Constructed Zone Data Can Cause a Resolver
  to Crash when Validating, affecting BIND versions 9.7.1+

Please refrain from public announcement and publication of new packages
until after we have made our public announcement.

The BIND 9.9.7-P1 and 9.10.2-P2 versions will include the fix for this 
issue. A patch to correct this issue is also attached to this message 
which may be used to build replacement BIND packages for your users.
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2015-06-29 19:12:52 UTC
Created attachment 405968
bind9-patch-CVE-2015-4620
Comment 2 Tobias Heinlein (RETIRED) gentoo-dev 2015-06-30 18:10:53 UTC
Public announcement has been postponed.
Comment 4 Christian Ruppert (idl0r) gentoo-dev 2015-07-08 17:44:39 UTC
9.10.2-P2 has been added. If you want to stabilize, then please stabilize bind as well as bind-tools 9.10.2_p2.
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-07-08 17:49:37 UTC
(In reply to Christian Ruppert (idl0r) from comment #4)
> 9.10.2-P2 has been added. If you want to stabilize, then please stabilize
> bind as well as bind-tools 9.10.2_p2.

Thanks for adding
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-09 17:04:20 UTC
Arches, please stabilize:

=net-dns/bind-9.10.2_p2

=net-dns/bind-tools-9.10.2_p2

target KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-09 17:34:49 UTC
amd64 stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2015-07-11 06:27:22 UTC
Stable for HPPA PPC64.
Comment 9 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-11 19:00:47 UTC
x86 stable
Comment 10 Tobias Klausmann (RETIRED) gentoo-dev 2015-07-14 19:19:20 UTC
Stable on alpha.
Comment 11 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-15 16:25:20 UTC
arm stable
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2015-07-16 12:06:50 UTC
CVE-2015-4620 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4620):
  name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x
  before 9.10.2-P2, when configured as a recursive resolver with DNSSEC
  validation, allows remote attackers to cause a denial of service (REQUIRE
  assertion failure and daemon exit) by constructing crafted zone data and
  then making a query for a name in that zone.
Comment 13 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-17 16:24:39 UTC
ia64 stable
Comment 14 Agostino Sarubbo gentoo-dev 2015-07-23 09:02:54 UTC
ppc stable
Comment 15 Agostino Sarubbo gentoo-dev 2015-07-23 09:39:07 UTC
sparc stable.

Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
Comment 16 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-23 15:20:16 UTC
I am drafting this now.
Comment 17 Yury German Gentoo Infrastructure gentoo-dev 2015-09-08 05:34:59 UTC
Arches and Maintainer(s), Thank you for your work.
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2015-10-18 19:52:11 UTC
This issue was resolved and addressed in
 GLSA 201510-01 at https://security.gentoo.org/glsa/201510-01
by GLSA coordinator Mikle Kolyada (Zlogene).