Bug 1353569
Summary: | CVE-2016-6170 bind: Improper restriction of zone size limit [fedora-all] | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Adam Mariš <amaris> |
Component: | bind | Assignee: | Petr Menšík <pemensik> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 26 | CC: | msehnout, pemensik, thozza, vonsch, zdohnal |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | bind-9.11.1-1.P1.fc26 bind-9.10.5-1.P1.fc25 bind-9.10.5-1.P2.fc24 | Doc Type: | Release Note |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-07-26 15:19:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1353563 |
Description
Adam Mariš
2016-07-07 13:13:09 UTC
Use the following template to for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. ===== # bugfix, security, enhancement, newpackage (required) type=security # testing, stable request=testing # Bug numbers: 1234,9876 bugs=1353563,1353569 # Description of your update notes=Security fix for CVE-2016-6170 # Enable request automation based on the stable/unstable karma thresholds autokarma=True stable_karma=3 unstable_karma=-3 # Automatically close bugs when this marked as stable close_bugs=True # Suggest that users restart after update suggest_reboot=False ====== Additionally, you may opt to use the bodhi web interface to submit updates: https://bodhi.fedoraproject.org/updates/new Upstream solution: ISC wish to stress that the behavior in question is not a failure of BIND to implement DNS protocols correctly, but is if anything an oversight in the protocol. However, for the convenience of operators who take zone data from untrusted sources (such as secondary name service providers) we have committed to delivering a feature in upcoming maintenance releases of BIND which will address the issue by allowing operators to set limits on the maximum zone size BIND will accept. This bug will be closed when new upstream version will be released. This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle. Changing version to '26'. This bug was fixed by new released version 9.11.1 and 9.10.5. It is fixed already in f24, f25 and f26. I just failed to add this bug when making the update. Solution for limiting size of incoming zones is per-zone option max-records. |