
Bug 608740 (CVE-2017-3135)

Summary: <net-dns/bind-9.11.0_p3: Combination of DNS64 and RPZ Can Lead to Crash
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: idl0r
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.openwall.com/lists/oss-security/2017/02/08/9
Whiteboard: B3 [glsa cve]
Package list:
=net-dns/bind-9.11.0_p3 =net-dns/bind-tools-9.11.0_p3 =dev-libs/fstrm-0.2.0-r1 alpha arm hppa
Runtime testing required: ---
Bug Depends on: 615420    
Bug Blocks:    

Description Agostino Sarubbo gentoo-dev 2017-02-09 11:19:22 UTC
From ${URL} :

Today ISC announced CVE-2017-3135, a denial-of-service vulnerability
that can affect resolvers using both DNS64 and RPZ to rewrite responses
for the same view.

This affects all BIND 9.9 releases since 9.9.3, all BIND 9.10 releases,
and all BIND 9.11 releases, including the 9.9.10b1, 9.10.5b1, and
9.11.1b1 releases.

Our full CVE text can be found at https://kb.isc.org/article/AA-01453

New releases of BIND, including security fixes for this vulnerability,
are available at: www.isc.org/downloads/

Release notes can be obtained using the following links:

ftp://ftp.isc.org/isc/bind9/9.9.9-P6/
ftp://ftp.isc.org/isc/bind9/9.10.4-P6/
ftp://ftp.isc.org/isc/bind9/9.11.0-P3/
ftp://ftp.isc.org/isc/bind9/9.9.10rc1/
ftp://ftp.isc.org/isc/bind9/9.10.5rc1/
ftp://ftp.isc.org/isc/bind9/9.11.1rc1/


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
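
The advisory quoted above says the crash needs DNS64 and RPZ rewriting responses in the same view. The following audit sketch is an added example, not part of the bug report or ISC's advisory; it lists the views of a `named.conf` where both `dns64` and `response-policy` apply. It assumes statements in `options` are inherited by every view, uses a constructed sample config, does not follow `include` files, and uses a hypothetical function name.

```python
import re

# Constructed sample named.conf (not taken from the bug report).
SAMPLE_CONF = '''
options {
    // dns64 is only mentioned in this comment
};
view "internal" {
    dns64 64:ff9b::/96 { clients { any; }; };
    response-policy { zone "rpz.example"; };
};
view "external" {
    response-policy { zone "rpz.example"; };
};
'''

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
WATCHED = {"dns64", "response-policy"}

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* block */ comments
    return re.sub(r"(//|#)[^\n]*", "", text)            # // and # line comments

def views_with_dns64_and_rpz(conf):
    """Return names of views where both dns64 and response-policy apply."""
    tokens = TOKEN.findall(strip_comments(conf))
    seen = {}                       # scope -> watched statements found directly in it
    depth, scope, at_start = 0, None, True
    for i, tok in enumerate(tokens):
        if tok in ("{", "}", ";"):
            depth += {"{": 1, "}": -1, ";": 0}[tok]
            at_start = tok != "}"   # a new statement starts after "{" or ";"
            continue
        if at_start and depth == 0:             # top-level statement keyword
            scope = None
            if tok == "options":
                scope = "options"
            elif tok == "view" and i + 1 < len(tokens):
                scope = "view " + tokens[i + 1].strip('"')
            if scope:
                seen.setdefault(scope, set())
        elif at_start and depth == 1 and scope and tok in WATCHED:
            seen[scope].add(tok)
        at_start = False
    inherited = seen.pop("options", set())      # assumption: options apply to all views
    views = seen or {"view _default": set()}    # no explicit views: one implicit view
    return sorted(n[5:] for n, s in views.items() if (s | inherited) == WATCHED)
```

A non-empty result only identifies the configuration precondition; whether the installed BIND is affected still depends on the versions listed in the advisory.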
Comment 1 Christian Ruppert (idl0r) gentoo-dev 2017-02-13 21:22:10 UTC
bind and bind-tools 9.11.0_p3 have been added and should be good to stabilize.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-13 21:52:45 UTC
@ Arches,

please test and mark stable:

=net-dns/bind-9.11.0_p3
=net-dns/bind-tools-9.11.0_p3
Comment 3 Agostino Sarubbo gentoo-dev 2017-02-14 14:53:13 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-02-14 15:40:16 UTC
x86 stable
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2017-02-15 13:52:33 UTC
Stable on alpha.
Comment 6 Markus Meier gentoo-dev 2017-02-15 17:54:58 UTC
arm stable
Comment 7 Agostino Sarubbo gentoo-dev 2017-02-17 11:00:47 UTC
sparc stable
Comment 8 Agostino Sarubbo gentoo-dev 2017-02-18 14:47:55 UTC
ia64 stable
Comment 9 Michael Weber (RETIRED) gentoo-dev 2017-02-20 14:04:28 UTC
ppc ppc64 stable.
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2017-03-21 13:52:47 UTC
(In reply to Christian Ruppert (idl0r) from comment #1)
> bind and bind-tools 9.11.0_p3 have been added and should be good to
> stabilize.

With the same problems that went unfixed with _p2's stabilisation.
Comment 11 Yury German Gentoo Infrastructure gentoo-dev 2017-03-24 06:38:11 UTC
(In reply to Jeroen Roovers from comment #10)

> With the same problems that went unfixed with _p2's stabilisation.

Jer are you referencing bug #607400?
Comment 12 Jeroen Roovers (RETIRED) gentoo-dev 2017-04-18 12:50:56 UTC
(In reply to Yury German from comment #11)
> (In reply to Jeroen Roovers from comment #10)
> 
> > With the same problems that went unfixed with _p2's stabilisation.
> 
> Jer are you referencing bug #607400?

Depends on: 597204 600212 (edit)
Comment 13 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-08 22:28:02 UTC
Superseded by bug 615420.

Added to an existing GLSA.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2017-08-17 03:03:13 UTC
This issue was resolved and addressed in GLSA 201708-01 at https://security.gentoo.org/glsa/201708-01 by GLSA coordinator Yury German (BlueKnight).