Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 437828 (CVE-2012-5166) - <net-dns/bind-9.9.1_p4: Record Handling Lockup Vulnerability (CVE-2012-5166)
Summary: <net-dns/bind-9.9.1_p4: Record Handling Lockup Vulnerability (CVE-2012-5166)
Status: RESOLVED FIXED
Alias: CVE-2012-5166
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://kb.isc.org/article/AA-00801
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-10-10 12:20 UTC by Agostino Sarubbo
Modified: 2014-01-29 22:52 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-10-10 12:20:25 UTC
See upstream advisory at $URL for more info
Comment 1 Agostino Sarubbo gentoo-dev 2012-10-10 12:21:43 UTC
@security/maintainer: please double-check if we can move it to C3.
Comment 2 Christian Ruppert (idl0r) archtester Gentoo Infrastructure gentoo-dev Security 2012-10-10 20:12:29 UTC
9.9.1-P4 and 9.9.2 have been added but please stabilize bind-9.9.1_p4 for now.
Comment 3 Sean Amoss gentoo-dev Security 2012-10-10 21:56:58 UTC
(In reply to comment #2)
> 9.9.1-P4 and 9.9.2 have been added but please stabilize bind-9.9.1_p4 for
> now.

Thanks, Christian.

Arches, please test and mark stable.
Comment 4 Jeroen Roovers gentoo-dev 2012-10-11 13:38:32 UTC
Stable for HPPA.
Comment 5 Andreas Schürch gentoo-dev 2012-10-11 13:56:35 UTC
x86 done.
Comment 6 Agostino Sarubbo gentoo-dev 2012-10-11 14:23:20 UTC
amd64 stable
Comment 7 Anthony Basile gentoo-dev 2012-10-11 22:31:30 UTC
stable ppc ppc64
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2012-10-13 16:59:26 UTC
alpha/arm/ia64/s390/sh/sparc stable
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-10-13 20:43:27 UTC
CVE-2012-5166 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5166):
  ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4,
  and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to
  cause a denial of service (named daemon hang) via unspecified combinations
  of resource records.
Comment 10 Sean Amoss gentoo-dev Security 2012-10-15 00:57:56 UTC
Thanks, everyone.

GLSA vote: yes.
Comment 11 Stefan Behte (RETIRED) gentoo-dev Security 2012-12-16 21:52:06 UTC
Vote: yes. Added to existing GLSA request.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2014-01-29 22:52:42 UTC
This issue was resolved and addressed in
 GLSA 201401-34 at http://security.gentoo.org/glsa/glsa-201401-34.xml
by GLSA coordinator Sean Amoss (ackle).