Improper sequencing during cleanup operations of upstream recursion fetch contexts in BIND can lead to a use-after-free error, triggering an assertion failure and crash in named. Affected BIND versions acting as DNSSEC validating resolvers are currently known to crash with an assertion failure in netaddr.c due to this bug. External References: https://kb.isc.org/article/AA-01542 Upstream Patches: ftp://ftp.isc.org/isc/bind9/9.9.11-P1/patches/CVE-2017-3145 ftp://ftp.isc.org/isc/bind9/9.10.6-P1/patches/CVE-2017-3145 ftp://ftp.isc.org/isc/bind9/9.11.2-P1/patches/CVE-2017-3145
Created bind tracking bugs for this issue: Affects: fedora-all [bug 1535307]
Acknowledgments: Name: ISC Upstream: Jayachandran Palanisamy (Cygate AB)
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:0101 https://access.redhat.com/errata/RHSA-2018:0101
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0102 https://access.redhat.com/errata/RHSA-2018:0102
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Extended Update Support Red Hat Enterprise Linux 7.2 Advanced Update Support Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions Red Hat Enterprise Linux 7.2 Telco Extended Update Support Via RHSA-2018:0488 https://access.redhat.com/errata/RHSA-2018:0488
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.7 Extended Update Support Red Hat Enterprise Linux 6.4 Advanced Update Support Red Hat Enterprise Linux 6.5 Advanced Update Support Red Hat Enterprise Linux 6.6 Advanced Update Support Red Hat Enterprise Linux 6.6 Telco Extended Update Support Via RHSA-2018:0487 https://access.redhat.com/errata/RHSA-2018:0487