Here’s a some news – CVE-2011-4313 with a CVE rating of 7.8 – BIND 9 Resolver crashes after logging an error in query.c. Here is the original post: http://www.isc.org/software/bind/advisories/cve-2011-4313.
Here’s the description:
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached.At this time we are making available a patch which makes named recover gracefully from the inconsistency, preventing the abnormal exit.
Easy fix? Upgrade BIND to one of the following patched versions: BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1
