Summary: | <net-dns/bind-{,tools}-9.10.4_p2: potential denial-of-service attack against lwres functionality in BIND (CVE-2016-2775) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | idl0r |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/07/19/1 | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-07-19 07:37:04 UTC
CVE-2016-2775 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2775): ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. fixed version is already in tree. @maintainer(s), ready to stable? Ping on Stabilization? See also #595340 This issue was resolved and addressed in GLSA 201610-07 at https://security.gentoo.org/glsa/201610-07 by GLSA coordinator Kristian Fiskerstrand (K_F). |