CVE-2013-3919 [was Re: resolver.c:4858: fatal error]

[Warren Kumari]

Can you / ISC confirm that authoritative only (recursion no) are not affected?

The implication from the advisory is that they are not, but explicit confirmation would be nice... 

Warren Kumari
------
Please excuse typing, etc -- This was sent from a device with a tiny keyboard.

On Jun 4, 2013, at 7:04 PM, Michael McNally <mcnally at isc.org> wrote:

> On 6/4/13 1:06 AM, Stas Pirogov wrote:
>> Hello,
>> 
>> since upgrading our binds to 9.9.3 (from 9.9.2-P2) I've got
>> following crash couple of times in last 3 days:
>> 
>> 04-Jun-2013 08:33:09.531 general: critical: resolver.c:4858: fatal error:
>> 04-Jun-2013 08:33:09.531 general: critical: RUNTIME_CHECK(tresult == 0)
>> failed
>> 04-Jun-2013 08:33:09.531 general: critical: exiting (due to fatal error in
>> library)
>> 
>> We're running various versions CentOS. This happened on both 5.3 and 5.5
>> 
>> Please advise
> 
> Congratulations, you have discovered a bug in BIND 9.9.3, 9.8.5, and
> 9.6-ESV-R9.  After analyzing it and concluding that the defect was
> potentially usable as a denial-of-service vector, our software
> developers have produced an emergency patch release which has been
> announced on the bind-announce mailing list.
> 
> New versions of BIND are available to replace 9.9.3, 9.8.5, and
> 9.6-ESV-R9.  Because the bug was introduced in the beta cycle for
> the most recent set of maintenance releases, the versions listed above
> are the only release versions of BIND affected.
> 
> They are replaced by:
> 
>  9.9.3-P1
>  9.8.5-P1
>  9.6-ESV-R9-P1
> 
> all of which can be found on the ISC ftp site,
> ftp://ftp.isc.org/isc/bind9
> 
> Michael McNally
> ISC Support
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>