Red Hat Bugzilla – Bug 1299367
CVE-2015-8705 bind: crash when converting OPT resource records and ECS options to text format
Last modified: 2016-01-22 04:30:00 EST
The following flaw in BIND was reported by ISC:
In versions of BIND 9.10, errors can occur when OPT pseudo-RR data or ECS options are formatted to text. In 9.10.3 through 9.10.3-P2, the issue may result in a REQUIRE assertion failure in buffer.c. In prior 9.10 versions, it may result in named crashing (such as with a segmentation fault) or other misbehavior due to a buffer overrun.
This issue can affect both authoritative and recursive servers if they are performing debug logging. (It may also crash related tools which use the same code, such as dig or delv.)
Disable debug logging in named.
Red Hat would like to thank ISC for reporting this issue.
Created attachment 1115783 [details]
Public now via upstream advisory.
Created bind tracking bugs for this issue:
Affects: fedora-all [bug 1300051]
Only BIND 9.10 was affected by this issue, therefore no Red Hat Enterprise Linux version was affected.