The following flaw in BIND was reported by ISC:

A buffer size check used to guard against overflow could cause named to exit with an INSIST failure in apl_42.c.

A server could exit due to an INSIST failure in apl_42.c when performing certain string formatting operations. Examples include (but may not be limited to):

- Slaves using text-format db files could be vulnerable if receiving a malformed record in a zone transfer from their master.
- Masters using text-format db files could be vulnerable if they accept a malformed record in a DDNS update message.
- Recursive resolvers are potentially vulnerable when debug logging, if they are fed a deliberately malformed record by a malicious server.
- A server which has cached a specially constructed record could encounter this condition while performing 'rndc dumpdb'.
Acknowledgements: Red Hat would like to thank ISC for reporting this issue.
Created attachment 1115780: 9.10.3-rt41396-and-rt41397-CVE-2015-8704-and-CVE-2015-8705.diff
Created attachment 1115781: 9.9.8-rt41396-CVE-2015-8704.diff
Public now via upstream advisory. External References: https://kb.isc.org/article/AA-01335
Created bind tracking bugs for this issue: Affects: fedora-all [bug 1300051]
Created bind99 tracking bugs for this issue: Affects: fedora-all [bug 1300052]
Upstream commit: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=fb17e1f9a2e34211af8d42f513bc63a26972674c
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2016:0074 https://rhn.redhat.com/errata/RHSA-2016-0074.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-2016:0073 https://rhn.redhat.com/errata/RHSA-2016-0073.html