ISC is planning on announcing a vulnerability tomorrow (2015-06-30) around 1000 PDT (1700 UTC). CVE-2015-4620: Specially Constructed Zone Data Can Cause a Resolver to Crash when Validating, affecting BIND versions 9.7.1+. Please refrain from public announcement and publication of new packages until after we have made our public announcement. The BIND 9.9.7-P1 and 9.10.2-P2 versions will include the fix for this issue. A patch to correct this issue is also attached to this message, which may be used to build replacement BIND packages for your users.
Created attachment 405968: bind9-patch-CVE-2015-4620
Public announcement has been postponed.
This issue is now public via https://kb.isc.org/article/AA-01267/: Fixed upstream in versions 9.9.7-P1 and 9.10.2-P2: https://kb.isc.org/article/AA-01270/81/BIND-9.9.7-P1-Release-Notes.html https://kb.isc.org/article/AA-01269/81/BIND-9.10.2-P2-Release-Notes.html Upstream commit: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=a85c6b35affa7179434c41b277109dca2cbe01ec
9.10.2-P2 has been added. If you want to stabilize, then please stabilize bind as well as bind-tools 9.10.2_p2.
(In reply to Christian Ruppert (idl0r) from comment #4)
> 9.10.2-P2 has been added. if you want to stabilize then please stabilize
> bind as well as bind-tools 9.10.2_p2.
Thanks for adding
Arches, please stabilize:
=net-dns/bind-9.10.2_p2
=net-dns/bind-tools-9.10.2_p2
target KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
amd64 stable
Stable for HPPA PPC64.
x86 stable
Stable on alpha.
arm stable
CVE-2015-4620 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4620): name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.
ia64 stable
ppc stable
sparc stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
I am drafting this now.
Arches and Maintainer(s), Thank you for your work.
This issue was resolved and addressed in GLSA 201510-01 at https://security.gentoo.org/glsa/201510-01 by GLSA coordinator Mikle Kolyada (Zlogene).