[3.7] bind: Improper fetch cleanup sequencing in the resolver can cause named to crash (CVE-2017-3145) (#8417) · Issues · alpine / aports

[3.7] bind: Improper fetch cleanup sequencing in the resolver can cause named to crash (CVE-2017-3145)

Improper sequencing during cleanup operations of upstream recursion fetch contexts in BIND can lead to a use-after-free error, triggering an assertion failure and crash in named. Affected BIND versions acting as DNSSEC validating resolvers are currently known to crash with an assertion failure in netaddr.c due to this bug.

Affected versions:

9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1

Fixed In:

bind 9.9.11-P1, bind 9.10.6-P1, bind 9.10.6-S2, bind 9.11.2-P1, bind 9.9.11-S2, bind 9.12.0rc2

References:

https://kb.isc.org/article/AA-01542

(from redmine: issue id 8417, created on 2018-01-25, closed on 2018-02-17)

Relations:
- parent #8415 (closed)

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information