The following flaw, reported by ISC, was found in BIND:

An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. An attacker able to cause a server to make a query deliberately chosen to generate a response containing a signature record which would exercise this vulnerability can cause named to stop execution with an assertion failure, resulting in denial of service to clients.

Recursive resolvers are at the highest risk of vulnerability to this attack, but authoritative-only servers may also be vulnerable if the attacker can control the answers for records requested when the authoritative server is performing service on zones (e.g. a slave server doing SOA queries). Servers may be affected even if they are not performing validation or have DNSSEC disabled entirely, as long as they receive a response containing offending signature records. Disabling DNSSEC does not provide protection against this vulnerability.

External References: https://kb.isc.org/article/AA-01353
Acknowledgments: Name: ISC
Public via: https://kb.isc.org/article/AA-01353
Created bind tracking bugs for this issue: Affects: fedora-all [bug 1316445]
Created bind99 tracking bugs for this issue: Affects: fedora-all [bug 1316446]
Upstream commits: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=a3d327bf1ceaaeabb20223d8de85166e940b9f12 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=7602be276a73a6eb5431c5acd9718e68a55e8b61
This issue has been addressed in the following products: Red Hat Enterprise Linux 5. Via RHSA-2016:0458 https://rhn.redhat.com/errata/RHSA-2016-0458.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 5. Via RHSA-2016:0459 https://rhn.redhat.com/errata/RHSA-2016-0459.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Extended Update Support; Red Hat Enterprise Linux 6.5 Advanced Update Support; Red Hat Enterprise Linux 6.4 Advanced Update Support. Via RHSA-2016:0562 https://rhn.redhat.com/errata/RHSA-2016-0562.html
*** Bug 1318738 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.2 Advanced Update Support. Via RHSA-2016:0601 https://rhn.redhat.com/errata/RHSA-2016-0601.html