[3.1] bind: Assertion Failure in buffer.c While Building Responses to a Specifically Constructed Request (CVE-2016-2776)

A defect in the rendering of messages into packets can cause named to exit with an assertion
failure in buffer.c while constructing a response to a query that meets certain criteria.

This assertion can be triggered even if the apparent source address isn’t allowed to make queries (i.e. doesn’t match ‘allow-query’).

Affected versions:

9.0.x ->9.8.x, 9.9.0~~9.9.9-P2, 9.9.3-S1~~>9.9.9-S3, 9.10.0~~9.10.4-P2, 9.11.0a1~~>9.11.0rc1

Fixed In Version:

bind 9.9.9-P3, bind 9.10.4-P3

Reference:

https://kb.isc.org/article/AA-01419/0

(from redmine: issue id 6227, created on 2016-09-28, closed on 2016-10-25)

Relations:
- parent #6222 (closed)
Changesets:
- Revision ed53a1ae on 2016-10-19T08:24:49Z:

main/bind: security upgrade to 9.10.4_p3 (CVE-2016-2776)

Fixes #6227

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information