| Summary: | <net-dns/bind-9.10.4_p3: DoS via assert (CVE-2016-2776) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | duncan, idl0r, vk-gentoo-bugs, yamada |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://kb.isc.org/article/AA-01419 | | |
| Whiteboard: | A3 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 598750 | | |
| Bug Blocks: | | | |

Description
Hanno Böck
2016-09-28 07:55:58 UTC
9.10.4_p3 has just been added.

In case of stabilization please stabilize both, bind and bind-tools 9.10.4_p3.

Arches, please stabilize:
=net-dns/bind-9.10.4_p3
=net-dns/bind-tools-9.10.4_p3
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable on alpha.

ppc stable

arm stable

ia64 stable

Stable for HPPA PPC64.

amd64 stable

CVE-2016-2776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2776): buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

This issue was resolved and addressed in GLSA 201610-07 at https://security.gentoo.org/glsa/201610-07 by GLSA coordinator Kristian Fiskerstrand (K_F).

Reopening for completion of slacking arches

Please mark x86 as STABLE

*** Bug 595498 has been marked as a duplicate of this bug. ***

are there any reasons why x86 is not marked stable?

x86 stable

@ Arches, please continue in bug 598750.

Newer version already stable. Will proceed in that bug.