| Summary: | bind new security issue CVE-2017-3145 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | sysadmin-bugs |
| Version: | 5 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA5-32-OK | ||
| Source RPM: | bind-9.10.5.P3-1.mga5.src.rpm | CVE: | |
| Status comment: | |||
| Bug Depends on: | 22409 | ||
| Bug Blocks: | |||
|
Description
David Walser
2018-01-19 16:15:11 CET
Advisory: ======================== Updated bind packages fix security vulnerability: BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named (CVE-2017-3145). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145 https://kb.isc.org/article/AA-01542 https://kb.isc.org/article/AA-01548 ======================== Updated packages in core/updates_testing: ======================== bind-9.10.6.P1-1.mga5 bind-sdb-9.10.6.P1-1.mga5 bind-utils-9.10.6.P1-1.mga5 bind-devel-9.10.6.P1-1.mga5 bind-doc-9.10.6.P1-1.mga5 python-bind-9.10.6.P1-1.mga5 from bind-9.10.6.P1-1.mga5.src.rpm Assignee:
sysadmin-bugs =>
qa-bugs Upgraded bind on my Mageia 5 i586 server; named service is still working fine. Whiteboard:
(none) =>
MGA5-32-OK
Lewis Smith
2018-01-21 20:33:23 CET
Keywords:
(none) =>
advisory, validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0093.html Status:
NEW =>
RESOLVED |