ELSA-2016-2615

Опубликовано: 09 нояб. 2016

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2016-2615: bind security update (IMPORTANT)

[32:9.9.4-38]

Fix CVE-2016-8864

[32:9.9.4-37]

Fix CVE-2016-2776

[32:9.9.4-36]

Added automatic interface scan functionality (#1294506)
Removed NetworkManager dispatcher script since it is not needed any more (#1294506)

[32:9.9.4-35]

Added GeoIP support (#1220594)

[32:9.9.4-34]

Added support for CAA records (#1306610)
Use HTTPS URL instead of FTP for upstream sources (#1319280)

[32:9.9.4-33]

Fix excessive queries caused by DS chasing with stub zones when DNSSEC is not used (#1291185)
Fix error in internal test suite (#1259514)
Fix named-checkconf call in *-chroot.service files (#1278082)
Fix incorrect path in BIND sample configuration and added comment to default configuration (#1247502)

[32:9.9.4-32]

Fix CVE-2016-1285 and CVE-2016-1286

[32:9.9.4-31]

Fix CVE-2015-8704

[32:9.9.4-30]

Fix CVE-2015-8000

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

bind

9.9.4-38.el7_3

bind-chroot

9.9.4-38.el7_3

bind-devel

9.9.4-38.el7_3

bind-libs

9.9.4-38.el7_3

bind-libs-lite

9.9.4-38.el7_3

bind-license

9.9.4-38.el7_3

bind-lite-devel

9.9.4-38.el7_3

bind-pkcs11

9.9.4-38.el7_3

bind-pkcs11-devel

9.9.4-38.el7_3

bind-pkcs11-libs

9.9.4-38.el7_3

bind-pkcs11-utils

9.9.4-38.el7_3

bind-sdb

9.9.4-38.el7_3

bind-sdb-chroot

9.9.4-38.el7_3

bind-utils

9.9.4-38.el7_3

Связанные CVE

CVE-2016-8864

Ссылки на источники

Связанные уязвимости

CVE-2016-8864

CVSS3: 7.5

ubuntu

почти 9 лет назад

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.