CVE-2018-5745

"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.

References

Affected packages

Git / gitlab.isc.org/isc-projects/bind9

Affected ranges

Type: GIT
Repo: https://gitlab.isc.org/isc-projects/bind9
Events: Last affected

1c59cea1c0e26e2da3f2afb90200bfe9f7748c03

Introduced

1477c19dd9a347ee19a42dac227f299a4680506f

Last affected

2fe4344de48d6061bef5a4000066a99a7c1296a6

Introduced

71a40862c0be867999867cd99e21c2266a5e452b

Last affected

3631aeb0709b460afc66ca8bff609bf93ef24bec

Last affected

3b0b2047cea8d9e61d0c1eabe2d3c958997e8be4

Last affected

647dac6f96293b98d9d865d367feb74710cd9b46

Last affected

6c8e92c06d2d5b5904c925ca48564a93f1edba44

Introduced

29b3a7d84240a51099490c0f39ae537f4e0d6a7a

Last affected

acfbf1ae9438873ef2fccacd5b3692f1aab99939

Last affected

cfdd35f26ac4509cec614284ce036e487a552504

Introduced

3514c49b2fbcdf95b2735878e2487fce9a3ddad5

Last affected

db65d701b999d10e555c13454bceb74df4494975

Affected versions

v9.*

v9.11.0

v9.11.1

v9.11.1b1

v9.11.1rc1

v9.11.1rc2

v9.11.1rc3

v9.11.2b1

v9.11.2rc1

v9.11.3

v9.11.3b1

v9.11.3rc1

v9.11.4

v9.11.4rc2

v9.13.0

v9.13.2

v9.13.3

v9.13.4

v9.13.5

v9.13.6

v9.9.0

v9.9.1

v9.9.2b1

v9.9.2rc1

v9.9.3b1