If a record with RDATA in excess of 65535 bytes is loaded into a nameserver, a subsequent query for that record will cause named to exit with an assertion failure.
Please Note: Versions of BIND 9.4 and 9.5 are also affected, but these branches are beyond their "end of life" (EOL) and no longer receive testing or security fixes from ISC. For current information on which versions are actively supported, please see http://www.isc.org/software/bind/versions.
BIND 9 version 9.9.2, 9.9.1-P3
Feel free to stabilize 9.9.1-P3.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
stable arm ppc ppc64
alpha/arm/ia64/s390/sh/sparc stable and x86 is already stable
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3,
and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to
cause a denial of service (assertion failure and named daemon exit) via a
query for a long resource record.
Stable for HPPA.
GLSA vote: yes.
GLSA Vote: yes, too. Added to existing draft.
This issue was resolved and addressed in
GLSA 201209-04 at http://security.gentoo.org/glsa/glsa-201209-04.xml
by GLSA coordinator Sean Amoss (ackle).