ISC has issued an advisory on August 8: https://kb.isc.org/article/AA-01639 The issue is fixed upstream in 9.11.4-P1: https://kb.isc.org/article/AA-01644 It is also fixed in 9.10.8-P1: https://kb.isc.org/article/AA-01643 Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Assigning to the registered maintainer.
Assignee: bugsquad => guillomovitchCC: (none) => marja11
Fixed in cauldron by 9.11.4.P1-1..mga7
Whiteboard: MGA6TOO => (none)Version: Cauldron => 6
bind-9.10.8.P1-1.mga6 just submitted in updates_testing.
Thanks Guillaume! Advisory: ======================== Updated bind packages fix security vulnerability: In ISC BIND, a defect in thie "deny-answer-aliases" feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Accidental or deliberate triggering of this defect will cause a REQUIRE assertion failure in named, causing the named process to stop execution and resulting in denial of service to clients (CVE-2018-5740). Note that only servers which have explicitly enabled the "deny-answer-aliases" feature are at risk and disabling the feature prevents exploitation. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740 https://kb.isc.org/article/AA-01639 https://kb.isc.org/article/AA-01643 ======================== Updated packages in core/updates_testing: ======================== bind-9.10.8.P1-1.mga6 bind-sdb-9.10.8.P1-1.mga6 bind-utils-9.10.8.P1-1.mga6 bind-devel-9.10.8.P1-1.mga6 bind-doc-9.10.8.P1-1.mga6 python-bind-9.10.8.P1-1.mga6 from bind-9.10.8.P1-1.mga6.src.rpm
Assignee: guillomovitch => qa-bugsCC: (none) => guillomovitch
MGA6-32 MATE on IBM Thinkpad R50e On first test only installed bind-utils and bind-doc on this feeble laptop. Ran dig and nslookup commands against my own DNS-server on my home network. Answers are OK. I'll wait a little if someone else does the server part before I venture putting the server on this laptop and change its network settings.
CC: (none) => herman.viaene
Keywords: (none) => advisoryCC: (none) => tmb
Installed server side on the laptop. Changed in MCC the network setting to a network xxx.yyy Used webmin to create an internal bind server and created record for itself and a (not existing) mach17 address. At CLI: $ nslookup mach17.xxx.yyy Server: 192.168.2.6 Address: 192.168.2.6#53 Name: mach17.xxx.yyy Address: 192.168.2.17 So bind seems to do what I wanted.
Whiteboard: (none) => MGA6-32-OK
Works on mga infra, validating
Keywords: (none) => validated_updateWhiteboard: MGA6-32-OK => mga6-64-ok, mga6-32-okCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0353.html
Status: NEW => RESOLVEDResolution: (none) => FIXED