I cam across this somewhere and it seems to be an issue with all binds.
This might be worth a GLSA.
Several fixes are on the site.
SANS blog Entry:
The DSA tracker:
DSA, only delivers an list of old items
FYI, the company I work for was hit by this in a malicious attack. It's a DOS attack that causes named to crash and core dump.
This sounds rather serious, according to upstream, fixes are in 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1 (and current stable in portage 9.7.3 is not mentioned, so maybe it's unsupported upstream).
I can confirm this, only last of each minor is supported, therefore we need to have at least 9.8.1-P1 and 9.7.4-P1 and one of them being stable
(In reply to comment #4)
> This sounds rather serious, according to upstream, fixes are in 9.8.1-P1,
> 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1 (and current stable in portage 9.7.3 is
> not mentioned, so maybe it's unsupported upstream).
Exactly. So while we're on it, it would be cool if we could stabilize both versions otherwise at least 9.7.4_p1.
Both bumps are in gentoo-x86 now and will be on the mirrors soonish.
LWN just ran an article saying that this vulnerability is out in the wild and being actively exploited and that many servers are experiencing DoS as a result.
Other distros are already posting notices.
Personaly i disagree with minor, as it is a core function of todays internet.
There is at least some urgency associated with this incident.
new server (9.7.4_p1) is now running.
Minor difference, 9.7.3_p3 started althoug a log file could not be created, 9.7.4_p1 doesn't start when this happens, not a big deal.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Amd64: works for me.
amd64 ok, looks perfect on a server.
Stable for HPPA.
+ 28 Nov 2011; Tony Vroon <firstname.lastname@example.org> bind-9.7.4_p1.ebuild:
+ Marked stable on AMD64 based on arch testing by Tomáš "Mepho" Pružina &
+ Agostino "ago" Sarubbo in security bug #390753.
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
through 9.9.0b1 allows remote attackers to cause a denial of service
(assertion failure and named exit) via unknown vectors related to recursive
DNS queries, error logging, and the caching of an invalid record by the
Thanks, folks. GLSA Vote: yes.
Vote: Yes. GLSA request filed.
This issue was resolved and addressed in
GLSA 201206-01 at http://security.gentoo.org/glsa/glsa-201206-01.xml
by GLSA coordinator Stefan Behte (craig).