BIND: Denial of service — GLSA 201510-01

A vulnerability in BIND could lead to a Denial of Service condition.

Affected packages

net-dns/bind on all architectures
Affected versions < 9.10.2_p4
Unaffected versions >= 9.10.2_p4

Background

BIND (Berkeley Internet Name Domain) is a Name Server.

Description

A vulnerability has been discovered in BIND’s named utility leading to a Denial of Service condition.

Impact

A remote attacker may be able to cause Denial of Service condition via specially constructed zone data.

Workaround

There is no known workaround at this time.

Resolution

All BIND users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.2_p4"
 

References

Release date
October 18, 2015

Latest revision
October 18, 2015: 1

Severity
normal

Exploitable
remote

Bugzilla entries