Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 688388 (CVE-2019-6471)

Summary: net-dns/bind - A race condition when discarding malformed packets can cause BIND to exit with an assertion failure
Product: Gentoo Security Reporter: Jeroen Roovers (RETIRED) <jer>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: chris, idl0r, jbuchert+genbug
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://kb.isc.org/docs/cve-2019-6471
See Also: https://bugs.gentoo.org/show_bug.cgi?id=684706
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description Jeroen Roovers (RETIRED) gentoo-dev 2019-06-20 12:27:26 UTC
Today ISC disclosed a vulnerability in our BIND software.

Information about the vulnerability can be found in the ISC Knowledge
Base:

   CVE-2019-6471:  A race condition when discarding malformed
   packets can cause BIND to exit with an assertion failure
   https://kb.isc.org/docs/cve-2019-6471

New maintenance releases of BIND released today contain the fix
for the vulnerability along with other bug fixes and feature
improvements.  They may be downloaded from the ISC web site's
download page (https://www.isc.org/downloads)

   -  9.11.8
   -  9.12.4-P2
   -  9.14.3
   -  9.15.1

With the public disclosure of these vulnerabilities, parties which
had been given advance notice concerning them are released from
non-disclosure and packagers and redistributors are encouraged to
publish updated packages containing fixes.