[3.5] bind: Combination of DNS64 and RPZ Can Lead to Crash (CVE-2017-3135)
Under some conditions when using both DNS64 and RPZ to rewrite query
responses, query processing can resume in an
inconsistent state leading to either an INSIST assertion failure or an
attempt to read through a NULL pointer.
Affected versions:
9.9.3-S1 ->9.9.9-S7, 9.9.3 ->9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 ->9.11.0-P2, 9.11.1b1
Fixed in:
BIND 9 version 9.9.9-P6
BIND 9 version 9.10.4-P6
BIND 9 version 9.11.0-P3
Reference:
https://kb.isc.org/article/AA-01453
(from redmine: issue id 6829, created on 2017-02-09, closed on 2017-02-15)
- Relations:
- parent #6827 (closed)
- Changesets:
- Revision 20069650 by Sergei Lukin on 2017-02-13T12:31:17Z:
main/bind: security upgrade to 9.10.4_p6 - fixes #6829
CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash