The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of ISC BIND: assertion error via Resolver Dispatch.c

Synthesis of the vulnerability 

An attacker can force an assertion error via Resolver Dispatch.c of ISC BIND, in order to trigger a denial of service.
Vulnerable software: BIG-IP Hardware, TMOS, HP-UX, IBM i, BIND, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this announce: 3/4.
Creation date: 20/06/2019.
Références of this computer vulnerability: bulletinjul2019, CERTFR-2019-AVI-283, CVE-2019-6471, HPESBUX04128, ibm10967483, K10092301, openSUSE-SU-2019:2263-1, openSUSE-SU-2019:2265-1, RHSA-2019:1714-01, SSA:2019-171-01, SUSE-SU-2019:2502-1, SUSE-SU-2019:2550-1, USN-4026-1, VIGILANCE-VUL-29581.

Description of the vulnerability 

An attacker can force an assertion error via Resolver Dispatch.c of ISC BIND, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This cybersecurity alert impacts software or systems such as BIG-IP Hardware, TMOS, HP-UX, IBM i, BIND, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this weakness is important.

The trust level is of type confirmed by the editor, with an origin of intranet client.

An attacker with a expert ability can exploit this security weakness.

Solutions for this threat 

ISC BIND: version 9.15.1.
The version 9.15.1 is fixed:
  https://www.isc.org/downloads
  https://ftp.isc.org/isc/bind9/9.15.1/RELEASE-NOTES-bind-9.15.1.html

ISC BIND: version 9.14.3.
The version 9.14.3 is fixed:
  https://www.isc.org/downloads
  https://ftp.isc.org/isc/bind9/9.14.3/RELEASE-NOTES-bind-9.14.3.html

ISC BIND: version 9.12.4-P2.
The version 9.12.4-P2 is fixed:
  https://www.isc.org/downloads
  https://ftp.isc.org/isc/bind9/9.12.4-P2/RELEASE-NOTES-bind-9.12.4-P2.html

ISC BIND: version 9.11.8.
The version 9.11.8 is fixed:
  https://www.isc.org/downloads
  https://ftp.isc.org/isc/bind9/9.11.8/RELEASE-NOTES-bind-9.11.8.html

F5 BIG-IP: fixed versions for BIND.
Fixed versions are indicated in information sources.

HP-UX: patch for BIND.
The version C.9.11.1.5.0 is fixed.

IBM i: patch for BIND.
A patch is indicated in information sources.

openSUSE Leap 15: new bind packages.
New packages are available:
  openSUSE Leap 15.0: bind 9.11.2-lp150.8.16.1
  openSUSE Leap 15.1: bind 9.11.2-lp151.11.6.1

Oracle Solaris: patch for third party software of July 2019 v2.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

RHEL 8.0: new bind packages.
New packages are available:
  RHEL 8: bind 9.11.4-17.P2.el8_0.1

Slackware: new bind packages.
New packages are available:
  Slackware 14.0: bind 9.11.8-*-1_slack14.0
  Slackware 14.1: bind 9.11.8-*-1_slack14.1
  Slackware 14.2: bind 9.11.8-*-1_slack14.2

SUSE LE 12 SP4: new bind packages.
New packages are available:
  SUSE LE 12 SP4: bind 9.11.2-3.10.1

SUSE LE 15: new bind packages.
New packages are available:
  SUSE LE 15 RTM: bind 9.11.2-12.13.2
  SUSE LE 15 SP1: bind 9.11.2-12.13.2

Ubuntu: new bind9 packages.
New packages are available:
  Ubuntu 19.04: bind9 1:9.11.5.P1+dfsg-1ubuntu2.5
  Ubuntu 18.10: bind9 1:9.11.4+dfsg-3ubuntu5.4
  Ubuntu 18.04 LTS: bind9 1:9.11.3+dfsg-1ubuntu1.8
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a software vulnerability bulletin. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.