Hi all,

So there's a new DoS vulnerability in bind that will cause the bind
process to exit if a certain packet is sent.

It mentions the following:
Both recursive and authoritative servers are vulnerable to this defect.
 Additionally, exposure is not prevented by either ACLs or configuration
options limiting or denying service because the exploitable code occurs
early in the packet handling, before checks enforcing those boundaries.

All versions of BIND 9 from BIND 9.1.0 (inclusive) through BIND 9.9.7-P1
and BIND 9.10.2-P2 are vulnerable.

Operators should take steps to upgrade to a patched version as soon as
possible.

The ISC has blogged about it here:
https://www.isc.org/blogs/about-cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/

Essentially, its a "Whoops, you're all screwed. Upgrade now".

So, any news on an updated version in SL as an urgent priority??

-- 
Steven Haigh

Email: [log in to unmask]
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897