From the URL:
An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.
Both recursive and authoritative servers are vulnerable to this defect. Additionally, exposure is not prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.
BIND 9 versions 9.9.7-P2 and 9.10.2-P3 have been released to resolve this.
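An added example, not part of this bug report or of BIND itself: a check of a version string against the two fixed releases named above, accepting both the upstream `-P3` and the Gentoo `_p3` spelling. The function names and the sample inventory are constructed for illustration, and branches other than 9.9 and 9.10 return `None` because the text above names no fixed release for them.

```python
import re

# Fixed releases named in the advisory text above, keyed by (major, minor) branch.
# Value is (patch, P-level): 9.9.7-P2 -> (7, 2), 9.10.2-P3 -> (2, 3).
FIXED = {(9, 9): (7, 2), (9, 10): (2, 3)}

# Matches "9.10.2-P3" (upstream) and "9.10.2_p3" (Gentoo), with an optional
# Gentoo "-r3" revision. Pre-releases such as "9.10.3rc1" do not match.
_VERSION = re.compile(
    r"(\d+)\.(\d+)\.(\d+)(?:(?:-P|_p)(\d+))?(?:-r\d+)?\b", re.IGNORECASE
)


def parse_version(text):
    """Return ((major, minor), (patch, plevel)) or None if nothing parses."""
    m = _VERSION.search(text)
    if not m:
        return None
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor)), (int(patch), int(plevel or 0))


def has_tkey_fix(text):
    """True: at or after the fixed release on its branch.
    False: earlier than the fixed release on its branch.
    None: unparseable, or a branch the advisory text does not cover.
    """
    parsed = parse_version(text)
    if parsed is None:
        return None
    branch, level = parsed
    fixed = FIXED.get(branch)
    if fixed is None:
        return None
    return level >= fixed


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are sample data.
    inventory = {"ns1": "BIND 9.10.2-P3", "ns2": "9.9.5-r3", "ns3": "9.8.4"}
    labels = {True: "fixed", False: "needs upgrade", None: "check manually"}
    for host, version in sorted(inventory.items()):
        print(f"{host}: {version}: {labels[has_tkey_fix(version)]}")
```

A version string alone does not show distribution backports, so a `False` result on a vendor-patched package still needs a look at the package changelog.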
*** Bug 556326 has been marked as a duplicate of this bug. ***
9.10.2_p3 has just been added.
(In reply to Christian Ruppert (idl0r) from comment #2)
> 9.10.2_p3 has just been added.
Should we stabilize that one?
Arches, please stabilize:
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
What about users who want to stay on the 9.9.x branch? Do you plan to release an ebuild for 9.9.7-P2?
127.zone file under /var/bind/pri gets killed during upgrade from 9.9.5-r3
Stable on alpha.
(In reply to Robert R. Richter from comment #8)
> 127.zone file under /var/bind/pri gets killed during upgrade from 9.9.5-r3
This probably isn't the place to discuss it, but it does seem odd for it to just disappear from 9.9 to 9.10. localhost.zone is still installed. If anything, rather than losing the IPv4 reverse zone for loopback they should have added the IPv6 reverse for loopback :). I considered opening a new bug but I'm just going to add them to my local config.
Stable for HPPA PPC64.
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Added to existing GLSA.
This issue was resolved and addressed in
GLSA 201510-01 at https://security.gentoo.org/glsa/201510-01
by GLSA coordinator Mikle Kolyada (Zlogene).