Описание
Security update for bind
bind was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-1349: Named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allowed remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use (bsc#918330).
- CVE-2015-4620: Fixed resolver crash when validating (bsc#936476).
Список пакетов
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
Ссылки
- Link for SUSE-SU-2015:1204-1
- E-Mail link for SUSE-SU-2015:1204-1
- SUSE Security Ratings
- SUSE Bug 918330
- SUSE Bug 936476
- SUSE CVE CVE-2015-1349 page
- SUSE CVE CVE-2015-4620 page
Описание
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.
Затронутые продукты
Ссылки
- CVE-2015-1349
- SUSE Bug 918330
Описание
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.
Затронутые продукты
Ссылки
- CVE-2015-4620
- SUSE Bug 936476