CVE-2019-6471 #19
Comments
This was referenced Jun 20, 2019
|
Commit + PR to |
ventz
added a commit
that referenced
this issue
Jun 24, 2019
|
Updated in aports 3.9 (main/bind) - Pushed commit here: 38bfc87 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch. BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.
Severity: Medium
Exploitable: Remotely
Description:
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c.
Impact:
An attacker who can cause a resolver to perform queries which will be answered by a server which responds with deliberately malformed answers can cause named to exit, denying service to clients.
Workarounds:
None.
Solution:
Upgrade to the patched release most closely related to your current version of BIND:
BIND 9.11.8
BIND 9.12.4-P2
BIND 9.14.3
BIND 9.15.1
@tcely ^ just FYI
The text was updated successfully, but these errors were encountered: