Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#8362 closed enhancement (fixed)

bind-9.10.4-P3 bind-utils-9.10.4-P3 bind9

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: high
Milestone: 8.0
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New minor version

* SECURITY RELEASE *

(Link to oss-security mailing list will be posted in a little bit)

ftp://ftp.isc.org/isc/bind9/9.10.4-P3/RELEASE-NOTES-bind-9.10.4-P3.html

BIND 9.10.4-P3 addresses the security issue described in CVE-2016-2776 and addresses an interoperability issue with ECS clients.

Security Fixes

    It was possible to trigger an assertion when rendering a message using a specially crafted request. This flaw is disclosed in CVE-2016-2776. [RT #43139]

    getrrsetbyname with a non-absolute name could trigger an infinite recursion bug in lwresd and named with lwres configured if, when combined with a search list entry, the resulting name is too long. This flaw is disclosed in CVE-2016-2775. [RT #42694]

New Features

    None. 

Feature Changes

    None. 

Porting Changes

    None. 

Bug Fixes

    ECS clients with the option set to 0.0.0.0/0/0 or ::/0/0 were incorrectly getting a FORMERR response.

    Windows installs were failing due to triggering UAC without the installation binary being signed.

    A race condition in rbt/rbtdb was leading to INSISTs being triggered.

https://kb.isc.org/article/AA-01419

CVE: CVE-2016-2776
Document Version: 2.0
Posting date: 2016-09-27
Program Impacted: BIND
Versions affected: 9.0.x -> 9.8.x, 9.9.0->9.9.9-P2, 9.9.3-S1->9.9.9-S3, 9.10.0->9.10.4-P2, 9.11.0a1->9.11.0rc1
Severity: High
Exploitable: Remotely

Description:

Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response.  A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria.

This assertion can be triggered even if the apparent source address isn't allowed to make queries (i.e. doesn't match 'allow-query').

Impact:

All servers are vulnerable if they can receive request packets from any source.

CVSS Score:  7.8

CVSS Vector:  (AV:N/AC:L/Au:N/C:N/I:N/A:C)

For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Workarounds:

No practical workarounds exist.

Active exploits:

No known active exploits.

Solution:  Upgrade to the patched release most closely related to your current version of BIND.  These can all be downloaded from http://www.isc.org/downloads.

    BIND 9 version 9.9.9-P3
    BIND 9 version 9.10.4-P3
    BIND 9 version 9.11.0rc3

BIND 9 Supported Preview edition is a feature preview version of BIND provided exclusively to eligible ISC Support customers.

    BIND 9 version 9.9.9-S5

Document Revision History:

1.0 Advance Notification 2016-09-14
1.1 Added information about the Stable Preview release to versions affected.  Updated solution section to reflect replacing 9.11.0rc2 with 9.11.0rc3 and 9.9.9-S4 with 9.9.9-S5.
2.0 Posting date changed and public disclosure.
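
For checking an inventory of installed BIND versions against the "Versions affected" ranges quoted above, here is an added example; it is not part of the ticket or of ISC's advisory. The function names are hypothetical, and the ordering alpha < beta < rc < final < -P within one x.y.z release is an assumption; -S (Supported Preview) versions are compared only against the -S range.

```python
import re

# Assumed release ordering within one x.y.z: alpha < beta < rc < final < -P patch.
_STAGE = {"a": 0, "b": 1, "rc": 2, None: 3, "-P": 4}
_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:(a|b|rc|-P|-S)(\d+))?")

def parse(version):
    """Return (is_preview_edition, sortable key) for a BIND 9 version string."""
    m = _VER.fullmatch(version.strip())
    if m is None:
        raise ValueError(f"unrecognised BIND version: {version!r}")
    major, minor, patch, tag, num = m.groups()
    base = (int(major), int(minor), int(patch))
    if tag == "-S":                      # Supported Preview edition: separate track
        return True, base + (int(num),)
    return False, base + (_STAGE[tag], int(num or 0))

# (first affected, last affected) pairs copied from "Versions affected" above.
_RANGES = [
    ("9.9.0", "9.9.9-P2"),
    ("9.9.3-S1", "9.9.9-S3"),
    ("9.10.0", "9.10.4-P2"),
    ("9.11.0a1", "9.11.0rc1"),
]

def is_affected(version):
    """True if version falls inside a range the advisory lists as affected."""
    preview, key = parse(version)
    # "9.0.x -> 9.8.x": every release on the 9.0 through 9.8 branches.
    if not preview and (9, 0) <= key[:2] <= (9, 8):
        return True
    for low, high in _RANGES:
        low_preview, low_key = parse(low)
        _, high_key = parse(high)
        if preview == low_preview and low_key <= key <= high_key:
            return True
    return False

if __name__ == "__main__":
    # Constructed sample inventory; the version strings are illustrative.
    for v in ["9.8.4-P2", "9.9.9-P2", "9.9.9-P3", "9.10.4-P2", "9.10.4-P3",
              "9.9.9-S3", "9.9.9-S5", "9.11.0rc1", "9.11.0rc3"]:
        print(f"{v:12} {'AFFECTED' if is_affected(v) else 'not in affected ranges'}")
```

Version strings that do not match the pattern raise ValueError, so an unparseable entry is surfaced for manual review instead of being reported as unaffected.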

Change History (3)

comment:1 by Douglas R. Reno, 8 years ago

Owner: changed from blfs-book@… to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 8 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r17840

comment:3 by bdubbs@…, 7 years ago

Milestone: 7.11 → 8.0

Milestone renamed
