Please be advised that ISC announced security advisories for vulnerabilities in ISC BIND.
CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c. All versions since 9.2.0 are affected. https://kb.isc.org/article/AA-01352
CVE-2016-1286: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c. All versions since 9.0.0 are affected. https://kb.isc.org/article/AA-01353
CVE-2016-2088: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure in resolver.c. This affects the 9.10.x versions. https://kb.isc.org/article/AA-01351
Jeremy C. Reed, ISC Security Officer
CVE-2016-2088 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2088): resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.
CVE-2016-1286 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1286): named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
CVE-2016-1285 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1285): named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
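Added example, not part of the original bug report and not ISC or Gentoo code: a version check that maps an installed BIND version to the CVEs listed above, using only the affected ranges quoted in the two comments before it. The function names are hypothetical, and the parser assumes upstream (`9.10.3-P4`) or Gentoo (`9.10.3_p4`) version spelling; any other suffix is rejected rather than guessed.

```python
import re

# Version tuples are (major, minor, patch, P-level); no -P suffix means P-level 0.
_VER = re.compile(
    r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:(?:-P|_p)(\d+))?(?:-r\d+)?(?![\w.-])",
    re.I,
)

# Fixed releases per branch, taken from the CVE descriptions quoted above.
FIXED_9_9 = (9, 9, 8, 4)    # 9.9.8-P4
FIXED_9_10 = (9, 10, 3, 4)  # 9.10.3-P4


def parse_bind_version(text):
    """Extract a BIND version from a bare string, a banner or a Gentoo atom."""
    m = _VER.search(text)
    if m is None:
        # Suffixes such as rc1, b1 or -S6 are not covered by the page: refuse.
        raise ValueError("unrecognised BIND version: %r" % text)
    return tuple(int(g or 0) for g in m.groups())


def affected_cves(version_text):
    """Return the CVEs from this bug that apply to the given version."""
    v = parse_bind_version(version_text)
    if v[:2] == (9, 10):
        # The 9.10 branch has its own fix level; comparing against 9.9.8-P4
        # would wrongly clear 9.10.0 through 9.10.3-P3.
        if v >= FIXED_9_10:
            return []
        # CVE-2016-2088 additionally requires DNS cookie support to be enabled.
        return ["CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2088"]
    if (9, 0, 0, 0) <= v < (9, 10, 0, 0):
        if v >= FIXED_9_9:
            return []
        cves = ["CVE-2016-1286"]             # all versions since 9.0.0
        if v >= (9, 2, 0, 0):
            cves.insert(0, "CVE-2016-1285")  # all versions since 9.2.0
        return cves
    # Other branches are not listed as affected in the text above.
    return []


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("BIND 9.10.3-P3", "9.10.2", "9.9.8-P4", "=net-dns/bind-9.10.3_p4"):
        print(sample, "->", affected_cves(sample) or "not affected")
```

Note that 9.10.2 sorts after 9.9.8-P4 numerically but is still affected, which is why the check is done per branch.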
@maintainer, please let us know if you would like to call for stabilization on 9.10.3_p4. Thanks.
Any reason this has not even begun stabilization yet? There are remote vulns in here...
Feel free to stabilize. Please stabilize both, =net-dns/bind-9.10.3_p4 and =net-dns/bind-tools-9.10.3_p4.
Arches, please stabilize: =net-dns/bind-9.10.3_p4 =net-dns/bind-tools-9.10.3_p4. Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
amd64 stable
x86 stable
Stable for HPPA PPC64.
arm stable
alpha stable
ppc stable
sparc stable
ia64 stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
@arches, it looks like we missed net-dns/bind-tools on this. Please stabilize: =net-dns/bind-tools-9.10.3_p4
New GLSA request filed.
ia64/ppc/sparc done.
This issue was resolved and addressed in GLSA 201610-07 at https://security.gentoo.org/glsa/201610-07 by GLSA coordinator Kristian Fiskerstrand (K_F).