|Summary:||net-dns/bind - A race condition when discarding malformed packets can cause BIND to exit with an assertion failure|
|Product:||Gentoo Security||Reporter:||Jeroen Roovers (RETIRED) <jer>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Severity:||normal||CC:||chris, idl0r, jbuchert+genbug|
|Whiteboard:||B3 [noglsa cve]|
|Package list:||Runtime testing required:||---|
Description Jeroen Roovers (RETIRED) 2019-06-20 12:27:26 UTC
Today ISC disclosed a vulnerability in our BIND software. Information about the vulnerability can be found in the ISC Knowledge Base: CVE-2019-6471: A race condition when discarding malformed packets can cause BIND to exit with an assertion failure https://kb.isc.org/docs/cve-2019-6471 New maintenance releases of BIND released today contain the fix for the vulnerability along with other bug fixes and feature improvements. They may be downloaded from the ISC web site's download page (https://www.isc.org/downloads) - 9.11.8 - 9.12.4-P2 - 9.14.3 - 9.15.1 With the public disclosure of these vulnerabilities, parties which had been given advance notice concerning them are released from non-disclosure and packagers and redistributors are encouraged to publish updated packages containing fixes.