Red Hat Bugzilla – Bug 1259085
CVE-2015-5986 Bind: fromwire_openpgpkey() incorrect boundary check Denial of Service
Last modified: 2015-09-24 04:26:17 EDT
The following flaw, reported by ISC, was found in recent versions of BIND 9 (9.9.7 through 9.9.7-P2, and 9.10.2 through 9.10.2-P3):
An incorrect boundary check in openpgpkey_61.c can cause named to
terminate due to a REQUIRE assertion failure. This defect can be
deliberately exploited by an attacker who can provide a maliciously
constructed response in answer to a query.
Red Hat would like to thank ISC for reporting this issue.
Created attachment 1069242
Created attachment 1069243
This issue did not affect the versions of Bind as shipped with Red Hat Enterprise Linux 4, 5, 6 and 7 as they did not include support for fromwire_openpgpkey().
Created bind99 tracking bugs for this issue:
Affects: fedora-22 [bug 1259563]
bind99-9.9.7-7.P3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
bind99-9.9.7-7.P3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
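A version check against the affected ranges given in the description, as an added example that is not part of the original bug report or of ISC's code. The function names, the regular expressions and the reading of the Fedora release field (`7.P3.fc22` as patch level P3) are assumptions made here, inferred from the package names quoted in this bug.

```python
import re

# Affected ranges exactly as stated in the bug description (inclusive).
# Tuples are (major, minor, patch, P-level); a plain release is P-level 0.
AFFECTED = [
    ((9, 9, 7, 0), (9, 9, 7, 2)),    # 9.9.7 through 9.9.7-P2
    ((9, 10, 2, 0), (9, 10, 2, 3)),  # 9.10.2 through 9.10.2-P3
]

_BASE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)([\w.-]*)")
# Optional "-<release>", optional "-P<n>" or ".P<n>", optional ".<dist tag>".
# Assumption: this layout is inferred from the package names on this page.
_SUFFIX = re.compile(r"(?:-(\d+))?(?:[-.]P(\d+))?(?:\.[\w.]*)?")


def parse_bind_version(text):
    """Return (major, minor, patch, p_level), or None if not classifiable."""
    m = _BASE.search(text)
    if not m:
        return None
    s = _SUFFIX.fullmatch(m.group(4))
    if s is None:
        # rc/beta builds and other suffixes are not covered by the stated
        # ranges, so refuse to guess rather than report "not affected".
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)),
            int(s.group(2) or 0))


def is_affected(text):
    """True/False for a classifiable version string, None otherwise."""
    v = parse_bind_version(text)
    if v is None:
        return None
    return any(lo <= v <= hi for lo, hi in AFFECTED)


if __name__ == "__main__":
    # Constructed sample inputs: upstream-style strings plus the two Fedora
    # package names quoted in this bug.
    for sample in ("BIND 9.9.7-P2", "BIND 9.10.2-P3", "9.9.7rc1",
                   "bind99-9.9.7-7.P3.fc23", "bind99-9.9.7-7.P3.fc22"):
        print(f"{sample!r:28} affected={is_affected(sample)}")
```

A distribution build can carry a backported fix without changing the upstream P-level, so a `True` result for a package name means the package changelog still needs checking. A `None` result means the string was not classified and should be reviewed by hand.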