株式会社日本レジストリサービス(JPRS) https://jprs.jp/tech/security/2016-10-21-bind9-vuln-malformed-options.html
> (緊急)BIND 9.xの脆弱性(DNSサービスの停止)について(CVE-2016-2848)
※ "2013年5月の「fix #3548」で修正済" 、3年前。
※ "最新版のBIND 9(BIND 9.11.0/9.10.4-P3/9.9.9-P3)は、対象となりません。"
(関連)
Internet Systems Consortium https://deepthought.isc.org/article/AA-01433/74/CVE-2016-2848%3A-A-packet-with-malformed-options-can-trigger-an-assertion-failure-in-ISC-BIND-versions-released-prior-to-May-2013-and-in-packages-derived-from-releases-prior-to-that-date.html
> CVE-2016-2848: A packet with malformed options can trigger an assertion failure
> in ISC BIND versions released prior to May 2013 and
> in packages derived from releases prior to that date. |
> Internet Systems Consortium Knowledge Base
※ "Versions affected: 9.1.0 -> 9.8.4-P2, 9.9.0 -> 9.9.2-P2" 。 9.9.3 で修正された模様。
Internet Systems Consortium https://deepthought.isc.org/article/AA-00913/74/BIND-9-Security-Vulnerability-Matrix.html
> BIND 9 Security Vulnerability Matrix | Internet Systems Consortium Knowledge Base
Internet Systems Consortium https://deepthought.isc.org/article/AA-00927/81/BIND-9.9.3-Extended-Support-Version-Release-Notes.html
> BIND 9.9.3 (Extended Support Version) Release Notes |
> Internet Systems Consortium Knowledge Base
・・・
http://d.hatena.ne.jp/TsuSUZUKI/20130606/1370468774
※ BIND 9.9.3-P1 リリース
http://d.hatena.ne.jp/TsuSUZUKI/20161008/1475921989
※ BIND 9.11.0 Release Notes
http://d.hatena.ne.jp/TsuSUZUKI/20160929/1475129723
※ BIND 9.10.4-P3
いじょうです。
-
- -