Bug 25673

Summary: CVE-2011-1910: Large RRSIG RRsets and Negative Caching can crash named
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: bind9.8Assignee: Michael Shigorin <mike>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: blocker    
Priority: P3 Keywords: security
Version: unstable   
Hardware: all   
OS: Linux   
URL: http://www.isc.org/software/bind/advisories/cve-2011-1910

Description Vladimir Lettiev 2011-05-27 13:08:08 MSK 
A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache a response. This can cause the BIND 9 DNS server (named process) to crash.
Upgrade to 9.8.0-P2
Comment 1 Vladimir Lettiev 2011-08-12 14:01:11 MSK 
 * Sun Jun 12 2011 Victor Forsiuk <force@altlinux.org> 9.8.0-alt0.2
 - 9.8.0-P2 (security fixes for CVE-2011-1907 and CVE-2011-1910).