Versions affected:BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch. BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.
Severity:Medium
Exploitable:Remotely
Description:
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c.
Impact:
An attacker who can cause a resolver to perform queries which will be answered by a server which responds with deliberately malformed answers can cause named to exit, denying service to clients.
Workarounds:
None.
Solution:
Upgrade to the patched release most closely related to your current version of BIND:
Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch. BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.
Severity: Medium
Exploitable: Remotely
Description:
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c.
Impact:
An attacker who can cause a resolver to perform queries which will be answered by a server which responds with deliberately malformed answers can cause named to exit, denying service to clients.
Workarounds:
None.
Solution:
Upgrade to the patched release most closely related to your current version of BIND:
BIND 9.11.8 BIND 9.12.4-P2 BIND 9.14.3 BIND 9.15.1
@tcely ^ just FYI