+++ This bug was initially created as a clone of Bug #22409 +++ ISC has issued an advisory today (January 16): https://kb.isc.org/article/AA-01542 The issue is fixed upstream in 9.11.2-P1: https://kb.isc.org/article/AA-01550 It is also fixed in 9.10.6-P1: https://kb.isc.org/article/AA-01548 Mageia 5 and Mageia 6 are also affected. Cloning the bug for the Mageia 5 update. Sysadmins, please submit it.
Advisory: ======================== Updated bind packages fix security vulnerability: BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named (CVE-2017-3145). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145 https://kb.isc.org/article/AA-01542 https://kb.isc.org/article/AA-01548 ======================== Updated packages in core/updates_testing: ======================== bind-9.10.6.P1-1.mga5 bind-sdb-9.10.6.P1-1.mga5 bind-utils-9.10.6.P1-1.mga5 bind-devel-9.10.6.P1-1.mga5 bind-doc-9.10.6.P1-1.mga5 python-bind-9.10.6.P1-1.mga5 from bind-9.10.6.P1-1.mga5.src.rpm
Assignee: sysadmin-bugs => qa-bugs
Upgraded bind on my Mageia 5 i586 server; named service is still working fine.
Whiteboard: (none) => MGA5-32-OK
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0093.html
Status: NEW => RESOLVEDResolution: (none) => FIXED