CVE-2013-3919 [was Re: resolver.c:4858: fatal error]
Michael McNally
mcnally at isc.org
Wed Jun 5 00:04:53 UTC 2013
On 6/4/13 1:06 AM, Stas Pirogov wrote:
> Hello,
>
> since upgrading our binds to 9.9.3 (from 9.9.2-P2) I've got
> following crash couple of times in last 3 days:
>
> 04-Jun-2013 08:33:09.531 general: critical: resolver.c:4858: fatal error:
> 04-Jun-2013 08:33:09.531 general: critical: RUNTIME_CHECK(tresult == 0)
> failed
> 04-Jun-2013 08:33:09.531 general: critical: exiting (due to fatal error in
> library)
>
> We're running various versions CentOS. This happened on both 5.3 and 5.5
>
> Please advise
Congratulations, you have discovered a bug in BIND 9.9.3, 9.8.5, and
9.6-ESV-R9. After analyzing it and concluding that the defect was
potentially usable as a denial-of-service vector, our software
developers have produced an emergency patch release which has been
announced on the bind-announce mailing list.
New versions of BIND are available to replace 9.9.3, 9.8.5, and
9.6-ESV-R9. Because the bug was introduced in the beta cycle for
the most recent set of maintenance releases, the versions listed above
are the only release versions of BIND affected.
They are replaced by:
9.9.3-P1
9.8.5-P1
9.6-ESV-R9-P1
all of which can be found on the ISC ftp site,
ftp://ftp.isc.org/isc/bind9
Michael McNally
ISC Support
More information about the bind-users
mailing list