Bugzilla – Bug 936476
VUL-0: CVE-2015-4620: bind: resolver crash when validating
Last modified: 2020-09-24 14:57:36 UTC
Created attachment 639588
bind9-patch-CVE-2015-4620

CRD: 2015-06-30 17:00 UTC

Hello, ISC BIND package maintainers,

ISC is planning on announcing a vulnerability tomorrow (2015-06-30) around 1000 PDT (1700 UTC).

CVE-2015-4620: Specially Constructed Zone Data Can Cause a Resolver to Crash when Validating, affecting BIND versions 9.7.1+

Please refrain from public announcement and publication of new packages until after we have made our public announcement.

The BIND 9.9.7-P1 and 9.10.2-P2 versions will include the fix for this issue. A patch to correct this issue is also attached to this message which may be used to build replacement BIND packages for your users.

SHA256 (bind9-patch-CVE-2015-4620) = c5209ff7927eb6997d555af241927041f162ff455b8fb3547cfe24fe385424ab

In keeping with our prior communication and commitments, we will not be producing a patch specifically for BIND 9.8 which is beyond its End of Life (EOL) and no longer supported by ISC.

Jeremy Reed
ISC Security Officer

An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-07-14. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62141
CRD moved to CRD: 2015-07-07
bugbot adjusting priority
public

SUSE-SU-2015:1204-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 918330,936476
CVE References: CVE-2015-1349,CVE-2015-4620
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): bind-9.9.6P1-18.1
SUSE Linux Enterprise Server 12 (src): bind-9.9.6P1-18.1
SUSE Linux Enterprise Desktop 12 (src): bind-9.9.6P1-18.1

SUSE-SU-2015:1205-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 918330,936476
CVE References: CVE-2015-1349,CVE-2015-4620
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): bind-9.9.6P1-0.7.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): bind-9.9.6P1-0.7.1
SUSE Linux Enterprise Server 11 SP3 (src): bind-9.9.6P1-0.7.1
SUSE Linux Enterprise Desktop 11 SP3 (src): bind-9.9.6P1-0.7.1

openSUSE-SU-2015:1250-1: An update that solves three vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 908994,918330,936476,937028
CVE References: CVE-2014-8500,CVE-2015-1349,CVE-2015-4620
Sources used:
openSUSE 13.2 (src): bind-9.9.6P1-2.4.1

openSUSE-SU-2015:1250-2: An update that solves three vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 908994,918330,936476,937028
CVE References: CVE-2014-8500,CVE-2015-1349,CVE-2015-4620
Sources used:
openSUSE 13.1 (src): bind-9.9.4P2-2.11.1

openSUSE-SU-2015:1326-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 918330,936476,939567
CVE References: CVE-2015-1349,CVE-2015-4620,CVE-2015-5477
Sources used:
openSUSE Evergreen 11.4 (src): bind-9.9.4P2-66.1

released all of them
CVE-2015-4650 was somehow mentioned for this problem. Leaving this comment just for reference. http://seclists.org/oss-sec/2015/q3/331