From ${URL} : Today ISC announced CVE-2017-3135, a denial-of-service vulnerability that can affect resolvers using both DNS64 and RPZ to rewrite responses for the same view. This affects all BIND 9.9 releases since 9.9.3, all BIND 9.10 releases, and all BIND 9.11 releases, including the 9.9.10b1, 9.10.5b1, and 9.11.1b1 releases. Our full CVE text can be found at https://kb.isc.org/article/AA-01453 New releases of BIND, including security fixes for this vulnerability, are available at: www.isc.org/downloads/ Release notes can be obtained using the following links: ftp://ftp.isc.org/isc/bind9/9.9.9-P6/ ftp://ftp.isc.org/isc/bind9/9.10.4-P6/ ftp://ftp.isc.org/isc/bind9/9.11.0-P3/ ftp://ftp.isc.org/isc/bind9/9.9.10rc1/ ftp://ftp.isc.org/isc/bind9/9.10.5rc1/ ftp://ftp.isc.org/isc/bind9/9.11.1rc1/ @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
bind and bind-tools 9.11.0_p3 have been added and should be good to stabilize.
@ Arches, please test and mark stable: =net-dns/bind-9.11.0_p3 =net-dns/bind-tools-9.11.0_p3
amd64 stable
x86 stable
Stable on alpha.
arm stable
sparc stable
ia64 stable
ppc ppc64 stable.
(In reply to Christian Ruppert (idl0r) from comment #1) > bind and bind-tools 9.11.0_p3 have been added and should be good to > stabilize. With the same problems that went unfixed with _p2's stabilisation.
(In reply to Jeroen Roovers from comment #10) > With the same problems that went unfixed with _p2's stabilisation. Jer are you referencing bug #607400?
(In reply to Yury German from comment #11) > (In reply to Jeroen Roovers from comment #10) > > > With the same problems that went unfixed with _p2's stabilisation. > > Jer are you referencing bug #607400? Depends on: 597204 600212 (edit)
Superseded by bug 615420. Added to an existing GLSA.
This issue was resolved and addressed in GLSA 201708-01 at https://security.gentoo.org/glsa/201708-01 by GLSA coordinator Yury German (BlueKnight).