bind: Processing a response containing CNAME or DNAME with unusual order can crash resolver

A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response...

[SECURITY] Fedora 26 Update: bind-9.11.0-7.P5.fc26

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

[SECURITY] Fedora 25 Update: bind-9.10.4-4.P8.fc25

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

USN-3259-1 bind9 vulnerabilities

It was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME. An attacker could use this cause a denial of service. CVE-2017-3137 Oleg Gorokhov discovered that in some situations, Bind did not properly handle DNS64...

ISC BIND 9 DNS Recursive Resolver Denial of Service Vulnerability

ISC BIND is the United States Internet Systems Consortium ISC company maintains a set of open source software that implements the DNS protocol. A denial of service vulnerability exists in the BIND 9 DNS recursive resolver, where a server performing a recursive operation that receives a response...

Nintendo 3DS DNS Client Resolver Predictable TXID

Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID I bought a New Nintendo 3DS XL US with firmware 11.2.0-35U, and I've noticed that that DNS client resolved on the 3DS uses a simple incrementing TXID for lookups. This does not provide enough entropy to prevent remote attackers from...

Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID

I bought a New Nintendo 3DS XL US with firmware 11.2.0-35U, and I've noticed that that DNS client resolved on the 3DS uses a simple incrementing TXID for lookups. This does not provide enough entropy to prevent remote attackers from spoofing responses. For example, see MS08-020 when this happened...

[SECURITY] Fedora 26 Update: knot-resolver-1.2.4-1.fc26

The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as...

Updated glibc packages fix security vulnerability

Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service CVE-2015-5180. Tim Ruehsen discovered that the getaddrinfo implementation in the GNU C Library did not properly track memory allocations. An...

DEBIAN-CVE-2016-2225

The readetchostsr function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service infinite loop via a crafted packet...

Fedora 24 : knot-resolver (2017-9d06448c3e)

new upstream release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

Ubuntu: Security Advisory (USN-3239-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3239-2: GNU C Library Regression

USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience. Please note that long-running services that were restarted to compensa...

USN-3239-2 eglibc, glibc regression

USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience. Please note that long-running services that were restarted to compensa...

[SECURITY] Fedora 25 Update: knot-resolver-1.2.4-1.fc25

The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as...

USN-3239-1: GNU C Library vulnerabilities

It was discovered that the GNU C Library incorrectly handled the strxfrm function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2015-8982 It was discovered that an integer...

USN-3239-1 eglibc, glibc vulnerabilities

It was discovered that the GNU C Library incorrectly handled the strxfrm function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2015-8982 It was discovered that an integer...

[SECURITY] Fedora 24 Update: knot-resolver-1.2.4-1.fc24

The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as...

Fedora 25 : knot-resolver (2017-df53d02da7)

new upstream release + security: Knot Resolver 1.2.0 and higher could return AD flag for insecure answer if the daemon received answer with invalid RRSIG several times in a row. + fix: layer/iterate: some improvements in cname chain unrolling + fix: layer/validate: fix duplicate records in...