bind9 CVE-2017-3137
Hi,
one of my servers crashed twice in the last 24 hours:
Apr 20 14:51:22 SRV named[37412]: resolver.c:4350: INSIST(fctx->type ==
((dns_rdatatype_t)dns_rdatatype_any) || fctx->type == ((dns_rda
tatype_t)dns_rdatatype_rrsig) || fctx->type ==
((dns_rdatatype_t)dns_rdatatype_sig)) failed, back trace
Apr 20 14:51:22 SRV named[37412]: #0 0x7f9bde355a00 in ??
Apr 20 14:51:22 SRV named[37412]: #1 0x7f9bdc5318ea in ??
Apr 20 14:51:22 SRV named[37412]: #2 0x7f9bddc1714e in ??
Apr 20 14:51:22 SRV named[37412]: #3 0x7f9bdc553d5b in ??
Apr 20 14:51:22 SRV named[37412]: #4 0x7f9bdbf04064 in ??
Apr 20 14:51:22 SRV named[37412]: #5 0x7f9bdb8d262d in ??
Apr 20 14:51:22 SRV named[37412]: exiting (due to assertion failure)
I suspect CVE-2017-3137 for this:
https://security-tracker.debian.org/tracker/CVE-2017-3137
# dpkg -l | grep bind9
ii bind9 1:9.9.5.dfsg-9+deb8u10 amd64 Internet
Domain Name Server
ii bind9-host 1:9.9.5.dfsg-9+deb8u10 amd64 Version
of 'host' bundled with BIND 9.X
ii bind9utils 1:9.9.5.dfsg-9+deb8u10 amd64 Utilities
for BIND
ii libbind9-90 1:9.9.5.dfsg-9+deb8u10 amd64 BIND9
Shared Library used by BIND
Any info or workaround for this vulnerability ?
Reply to: