688388 – (CVE-2019-6471) net-dns/bind - A race condition when discarding malformed packets can cause BIND to exit with an assertion failure

Bug 688388 (CVE-2019-6471) - net-dns/bind - A race condition when discarding malformed packets can cause BIND to exit with an assertion failure

Summary: net-dns/bind - A race condition when discarding malformed packets can caus...

Status:	RESOLVED FIXED

Alias:	CVE-2019-6471

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://kb.isc.org/docs/cve-2019-6471
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2019-06-20 12:27 UTC by Jeroen Roovers (RETIRED)
Modified:	2019-08-07 09:39 UTC (History)
CC List:	3 users (show)

See Also:	CVE-2018-5743, CVE-2019-6467
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeroen Roovers (RETIRED) gentoo-dev

2019-06-20 12:27:26 UTC

Today ISC disclosed a vulnerability in our BIND software.

Information about the vulnerability can be found in the ISC Knowledge
Base:

   CVE-2019-6471:  A race condition when discarding malformed
   packets can cause BIND to exit with an assertion failure
   https://kb.isc.org/docs/cve-2019-6471

New maintenance releases of BIND released today contain the fix
for the vulnerability along with other bug fixes and feature
improvements.  They may be downloaded from the ISC web site's
download page (https://www.isc.org/downloads)

   -  9.11.8
   -  9.12.4-P2
   -  9.14.3
   -  9.15.1

With the public disclosure of these vulnerabilities, parties which
had been given advance notice concerning them are released from
non-disclosure and packagers and redistributors are encouraged to
publish updated packages containing fixes.