Описание
Security update for bind
This update for bind fixes the following security issue:
- A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829).
Список пакетов
SUSE Linux Enterprise Server 12-LTSS
bind-9.9.9P1-28.23.1
bind-chrootenv-9.9.9P1-28.23.1
bind-doc-9.9.9P1-28.23.1
bind-libs-9.9.9P1-28.23.1
bind-libs-32bit-9.9.9P1-28.23.1
bind-utils-9.9.9P1-28.23.1
SUSE Linux Enterprise Server for SAP Applications 12
bind-9.9.9P1-28.23.1
bind-chrootenv-9.9.9P1-28.23.1
bind-doc-9.9.9P1-28.23.1
bind-libs-9.9.9P1-28.23.1
bind-libs-32bit-9.9.9P1-28.23.1
bind-utils-9.9.9P1-28.23.1
Ссылки
- Link for SUSE-SU-2016:2696-1
- E-Mail link for SUSE-SU-2016:2696-1
- SUSE Security Ratings
- SUSE Bug 1007829
- SUSE CVE CVE-2016-8864 page
Описание
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.
Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:bind-9.9.9P1-28.23.1
SUSE Linux Enterprise Server 12-LTSS:bind-chrootenv-9.9.9P1-28.23.1
SUSE Linux Enterprise Server 12-LTSS:bind-doc-9.9.9P1-28.23.1
SUSE Linux Enterprise Server 12-LTSS:bind-libs-32bit-9.9.9P1-28.23.1
Ссылки
- CVE-2016-8864
- SUSE Bug 1007829
- SUSE Bug 1018700
- SUSE Bug 1018701
- SUSE Bug 1018702
- SUSE Bug 1020526
- SUSE Bug 1024130
- SUSE Bug 1033466