[v3.0] bind: BIND named can crash due to a defect in EDNS printing processing (CVE-2014-3859)
A query specially crafted to exploit a defect in EDNS option processing can cause named to terminate with an assertion failure.
Both authoritative and recursive servers are vulnerable to this defect. Exploitation of this condition can cause a denial of service in nameservers running affected versions of BIND 9.10. Access Control Lists do not provide protection.
The bug which causes this condition is in libdns; consequently in addition to the named server process other applications (for example: dig and delv) built using the libdns library from the affected source distributions can also be forced to crash with assertion failures triggered in the same fashion.
Upgrade to the patched release most closely related to your current version of BIND. Open source versions can all be downloaded from http://www.isc.org/downloads. BIND 9 version 9.10.0-P2
(from redmine: issue id 3037, created on 2014-06-12, closed on 2014-06-24)
- parent #3033 (closed)