Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-5743 CVE-2019-6467 CVE-2019-6468

Source

                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468)

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Peter Korsgaard &lt;peter () korsgaard com&gt;

Date: Sat, 27 Apr 2019 19:23:42 +0200

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
"andreas" == andreas  &lt;andreas () rammhold de&gt; writes:

On 12:13 25.04.19, Peter Korsgaard wrote:
It is a bit unfortunate that these security fixes now use
isc_atomic_xadd() which are not available on all architectures:

.libs/client.o: In function `mark_tcp_active':
client.c:(.text+0xc7c): undefined reference to `isc_atomic_xadd'
client.c:(.text+0xca0): undefined reference to `isc_atomic_xadd'
.libs/client.o: In function `client_accept':
client.c:(.text+0x2210): undefined reference to `isc_atomic_xadd'
client.c:(.text+0x230c): undefined reference to `isc_atomic_xadd'
.libs/client.o: In function `exit_check':
client.c:(.text+0x2958): undefined reference to `isc_atomic_xadd'
.libs/client.o:client.c:(.text+0x5cb4): more undefined references to `isc_atomic_xadd' follow
collect2: error: ld returned 1 exit status

There is a commit [1] on ISCs GitLab that removes the atomic operations
in favor of refcounting and thus fixes the aarch64 (and other archs?)
build error.

I applied that commit for NixOS. Looks good so far [2].

Yes, that was pointed out to me privatelyl. I am using it as well in
Buildroot:

https://git.buildroot.org/buildroot/commit/?id=fc8ace0938a0bcf2e9fa628a88853252eabc991d

Interesting enough, this fix is on the 9.11 branch:

https://github.com/isc-projects/bind9/commits/v9_11

But not part of the v9_11_6 tag:

https://github.com/isc-projects/bind9/commits/v9_11_6

-- 
Bye, Peter Korsgaard

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) Michael McNally (Apr 24)

Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) Peter Korsgaard (Apr 25)

Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) andreas (Apr 27)

Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) Peter Korsgaard (Apr 27)
Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) andreas (Apr 27)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468)

Vulmon Search

About

Products

Connect