Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 608740 (CVE-2017-3135) - <net-dns/bind-9.11.0_p3: Combination of DNS64 and RPZ Can Lead to Crash
Summary: <net-dns/bind-9.11.0_p3: Combination of DNS64 and RPZ Can Lead to Crash
Status: RESOLVED FIXED
Alias: CVE-2017-3135
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [glsa cve]
Keywords:
Depends on: CVE-2017-3136, CVE-2017-3137, CVE-2017-3138
Blocks:
  Show dependency tree
 
Reported: 2017-02-09 11:19 UTC by Agostino Sarubbo
Modified: 2017-08-17 03:03 UTC (History)
1 user (show)

See Also:
Package list:
=net-dns/bind-9.11.0_p3 =net-dns/bind-tools-9.11.0_p3 =dev-libs/fstrm-0.2.0-r1 alpha arm hppa
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-02-09 11:19:22 UTC
From ${URL} :

Today ISC announced CVE-2017-3135, a denial-of-service vulnerability
that can affect resolvers using both DNS64 and RPZ to rewrite responses
for the same view.

This affects all BIND 9.9 releases since 9.9.3, all BIND 9.10 releases,
and all BIND 9.11 releases, including the 9.9.10b1, 9.10.5b1, and
9.11.1b1 releases.

Our full CVE text can be found at https://kb.isc.org/article/AA-01453

New releases of BIND, including security fixes for this vulnerability,
are available at: www.isc.org/downloads/

Release notes can be obtained using the following links:

ftp://ftp.isc.org/isc/bind9/9.9.9-P6/
ftp://ftp.isc.org/isc/bind9/9.10.4-P6/
ftp://ftp.isc.org/isc/bind9/9.11.0-P3/
ftp://ftp.isc.org/isc/bind9/9.9.10rc1/
ftp://ftp.isc.org/isc/bind9/9.10.5rc1/
ftp://ftp.isc.org/isc/bind9/9.11.1rc1/


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Christian Ruppert (idl0r) archtester Gentoo Infrastructure gentoo-dev Security 2017-02-13 21:22:10 UTC
bind and bind-tools 9.11.0_p3 have been added and should be good to stabilize.
Comment 2 Thomas Deutschmann gentoo-dev Security 2017-02-13 21:52:45 UTC
@ Arches,

please test and mark stable:

=net-dns/bind-9.11.0_p3
=net-dns/bind-tools-9.11.0_p3
Comment 3 Agostino Sarubbo gentoo-dev 2017-02-14 14:53:13 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-02-14 15:40:16 UTC
x86 stable
Comment 5 Tobias Klausmann gentoo-dev 2017-02-15 13:52:33 UTC
Stable on alpha.
Comment 6 Markus Meier gentoo-dev 2017-02-15 17:54:58 UTC
arm stable
Comment 7 Agostino Sarubbo gentoo-dev 2017-02-17 11:00:47 UTC
sparc stable
Comment 8 Agostino Sarubbo gentoo-dev 2017-02-18 14:47:55 UTC
ia64 stable
Comment 9 Michael Weber (RETIRED) gentoo-dev 2017-02-20 14:04:28 UTC
ppc ppc64 stable.
Comment 10 Jeroen Roovers gentoo-dev 2017-03-21 13:52:47 UTC
(In reply to Christian Ruppert (idl0r) from comment #1)
> bind and bind-tools 9.11.0_p3 have been added and should be good to
> stabilize.

With the same problems that went unfixed with _p2's stabilisation.
Comment 11 Yury German Gentoo Infrastructure gentoo-dev Security 2017-03-24 06:38:11 UTC
(In reply to Jeroen Roovers from comment #10)

> With the same problems that went unfixed with _p2's stabilisation.

Jer are you referencing bug #607400?
Comment 12 Jeroen Roovers gentoo-dev 2017-04-18 12:50:56 UTC
(In reply to Yury German from comment #11)
> (In reply to Jeroen Roovers from comment #10)
> 
> > With the same problems that went unfixed with _p2's stabilisation.
> 
> Jer are you referencing bug #607400?

Depends on: 597204 600212 (edit)
Comment 13 Thomas Deutschmann gentoo-dev Security 2017-06-08 22:28:02 UTC
Superseded by bug 615420.

Added to an existing GLSA.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2017-08-17 03:03:13 UTC
This issue was resolved and addressed in
 GLSA 201708-01 at https://security.gentoo.org/glsa/201708-01
by GLSA coordinator Yury German (BlueKnight).