[3.6] bind: Combination of DNS64 and RPZ Can Lead to Crash (CVE-2017-3135)
Under some conditions when using both DNS64 and RPZ to rewrite query
responses, query processing can resume in an
inconsistent state leading to either an INSIST assertion failure or an
attempt to read through a NULL pointer.
Affected versions:
9.9.3-S1 ->9.9.9-S7, 9.9.3 ->9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 ->9.11.0-P2, 9.11.1b1
Fixed in:
BIND 9 version 9.9.9-P6
BIND 9 version 9.10.4-P6
BIND 9 version 9.11.0-P3
Reference:
https://kb.isc.org/article/AA-01453
(from redmine: issue id 6828, created on 2017-02-09, closed on 2017-02-15)
- Relations:
- parent #6827 (closed)
- Changesets:
- Revision b8632ab3 by Natanael Copa on 2017-02-09T10:22:32Z:
main/bind: security upgrade to 9.11.0_p3 (CVE-2017-3135)
fixes #6828