Summary: | <net-dns/bind-9.11.2_p1: Improper fetch cleanup sequencing in the resolver can cause named to crash | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | duncan, idl0r, idl0r, luke |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://kb.isc.org/article/AA-01542 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
net-dns/bind-tools-9.11.2_p1
net-dns/bind-9.11.2_p1
|
Runtime testing required: | --- |
Description
Thomas Deutschmann (RETIRED)
2018-01-15 22:15:07 UTC
CVE-2017-3145: ============== BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. bind as well as bind-tools 9.11.2-P2 has just been pushed. (In reply to Christian Ruppert (idl0r) from comment #2) > bind as well as bind-tools 9.11.2-P2 has just been pushed. Christian, I am not seeing it, after a fresh Git sync, in the repo. (In reply to Aaron Bauman from comment #3) > (In reply to Christian Ruppert (idl0r) from comment #2) > > bind as well as bind-tools 9.11.2-P2 has just been pushed. > > Christian, I am not seeing it, after a fresh Git sync, in the repo. Oops, sorry, I meant 9.11.2-P1 of course - net-dns/bind-9.11.2_p1. Christian, thank you for clarifying and please let us know when you are ready to call for stable. bind is running fine for me for about 24h now, If you want, proceed with the stabilization process but please for both, bind and bind-tools. Thanks! @ Arches, please test and mark stable: net-dns/bind-tools-9.11.2_p1 net-dns/bind-9.11.2_p1 amd64 stable x86 stable ia64 stable ppc stable arm stable hppa stable arm64 doesn't have stable keywords on these, please pay attention what arches you CC Stable on alpha. ppc64 done. last arch done @Maintainers please clean tree from vulnerable versions. GLSA Vote: No. tree is clean The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8319e0fede99aa4bf599860eeac1a5bcf4ea729d commit 8319e0fede99aa4bf599860eeac1a5bcf4ea729d Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-05-08 05:50:18 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-08 06:23:27 +0000 net-dns/bind: stable 9.11.2_p1 for sparc Bug: https://bugs.gentoo.org/644706 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" net-dns/bind/bind-9.11.2_p1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b57e16c0207aeb8b8ae924c8f7b342eb1c94db6f commit b57e16c0207aeb8b8ae924c8f7b342eb1c94db6f Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-05-08 05:49:42 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-08 06:23:27 +0000 net-dns/bind-tools: stable 9.11.2_p1 for sparc Bug: https://bugs.gentoo.org/644706 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" net-dns/bind-tools/bind-tools-9.11.2_p1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) |