bind: Combination of DNS64 and RPZ Can Lead to Crash (CVE-2017-3135)
Under some conditions when using both DNS64 and RPZ to rewrite query
responses, query processing can resume in an
inconsistent state leading to either an INSIST assertion failure or an
attempt to read through a NULL pointer.
Affected versions:
9.9.3-S1 ->9.9.9-S7, 9.9.3 ->9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 ->9.11.0-P2, 9.11.1b1
Fixed in:
BIND 9 version 9.9.9-P6
*BIND 9 version 9.10.4-P6
BIND 9 version 9.11.0-P3*
Reference:
https://kb.isc.org/article/AA-01453
(from redmine: issue id 6827, created on 2017-02-09, closed on 2017-02-15)
- Relations:
- child #6828 (closed)
- child #6829 (closed)
- child #6830 (closed)
- child #6831 (closed)
- child #6832 (closed)