Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 598750 (CVE-2016-8864)

Summary: <net-dns/bind-9.10.4_p4: assert via DNAME can crash resolver (CVE-2016-8864)
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: ercpe, idl0r, luke
Priority: Normal Flags: kensington: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://kb.isc.org/article/AA-01434
Whiteboard: A3 [glsa cve]
Package list:
=net-dns/bind-9.10.4_p4 =net-dns/bind-tools-9.10.4_p4
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 595340    

Description Hanno Böck gentoo-dev 2016-11-02 09:37:59 UTC
From upstream advisory:
"A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c"

Fixed upstream versions:
BIND 9 version 9.9.9-P4
BIND 9 version 9.10.4-P4
BIND 9 version 9.11.0-P1
Comment 1 Christian Ruppert (idl0r) gentoo-dev 2016-11-05 12:09:55 UTC
bind and bind-tools 9.10.4_p4 has just been added.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-11-11 06:38:14 UTC
(In reply to Christian Ruppert (idl0r) from comment #1)
> bind and bind-tools 9.10.4_p4 has just been added.

Ready for stable?
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2016-11-28 17:49:18 UTC
@ Arches,

please test and mark stable: =net-dns/bind-9.10.4_p4
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2016-11-28 17:51:27 UTC
@ Arches,

please test and mark stable:

=net-dns/bind-9.10.4_p4
=net-dns/bind-tools-9.10.4_p4
Comment 5 Agostino Sarubbo gentoo-dev 2016-11-29 10:41:58 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2016-11-29 10:44:20 UTC
x86 stable
Comment 7 Markus Meier gentoo-dev 2016-11-30 19:37:16 UTC
arm stable
Comment 8 Tobias Klausmann (RETIRED) gentoo-dev 2016-12-02 14:21:37 UTC
Stable on alpha.
Comment 9 Agostino Sarubbo gentoo-dev 2016-12-19 14:38:53 UTC
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-12-19 15:15:29 UTC
ia64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2016-12-20 09:48:33 UTC
ppc stable
Comment 12 Agostino Sarubbo gentoo-dev 2016-12-22 09:37:20 UTC
ppc64 stable
Comment 13 Aaron Bauman (RETIRED) gentoo-dev 2017-01-01 13:46:10 UTC
hppa ping.
Comment 14 Jeroen Roovers (RETIRED) gentoo-dev 2017-01-09 13:43:06 UTC
Stable for HPPA.
Comment 15 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-09 18:04:58 UTC
New GLSA request filed.

@ Maintainer(s): Please cleanup <net-dns/bind-9.10.4_p4 and <net-dns/bind-tools-9.10.4_p4!
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2017-01-11 12:27:39 UTC
This issue was resolved and addressed in
 GLSA 201701-26 at https://security.gentoo.org/glsa/201701-26
by GLSA coordinator Aaron Bauman (b-man).
Comment 17 Aaron Bauman (RETIRED) gentoo-dev 2017-01-11 12:28:20 UTC
reopening for cleanup
Comment 18 Aaron Bauman (RETIRED) gentoo-dev 2017-01-23 03:58:34 UTC
tree is clean.