Advisories » MGASA-2018-0093

Updated bind packages fix security vulnerability

Publication date: 24 Jan 2018
Modification date: 24 Jan 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-3145

Description

BIND was improperly sequencing cleanup operations on upstream recursion
fetch contexts, leading in some cases to a use-after-free error that can
trigger an assertion failure and crash in named (CVE-2017-3145).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22424
• https://kb.isc.org/article/AA-01542
• https://kb.isc.org/article/AA-01548
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145

SRPMS

5/core

• bind-9.10.6.P1-1.mga5