Summary: | <net-dns/bind-9.16.12: GSSAPI security policy negotiation buffer overflow (CVE-2020-8625) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | chutzpah, zlogene |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://kb.isc.org/docs/cve-2020-8625 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
Well, there was a regression which caused a crash when handling certain requests that is already patched:
https://gitlab.isc.org/isc-projects/bind9/-/issues/2503

Note that ISC are not treating this issue as a security issue, because "this is a newly introduced option and disabled by default":
https://www.openwall.com/lists/oss-security/2021/02/19/5

(In reply to John Helmert III (ajak) from comment #1)
> Well, there was a regression which caused a crash when handling certain
> requests that is already patched:
> https://gitlab.isc.org/isc-projects/bind9/-/issues/2503
>
> Note that ISC are not treating this issue as a security issue, because "this
> is a newly introduced option and disabled by default":
>
> https://www.openwall.com/lists/oss-security/2021/02/19/5

And another, workaround included (and probably patches somewhere):
https://lists.isc.org/pipermail/bind-announce/2021-February/001180.html