SUSE-SU-2016:2697-1

Опубликовано: 02 нояб. 2016

Источник: suse-cvrf

Описание

Security update for bind

This update for bind fixes the following issues:

A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829).
Fix BIND to return a valid hostname in response to ldapdump queries. (bsc#965748)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1

bind-libs-9.9.9P1-49.1

bind-libs-32bit-9.9.9P1-49.1

bind-utils-9.9.9P1-49.1

SUSE Linux Enterprise Desktop 12 SP2

bind-libs-9.9.9P1-49.1

bind-libs-32bit-9.9.9P1-49.1

bind-utils-9.9.9P1-49.1

SUSE Linux Enterprise Server 12 SP1

bind-9.9.9P1-49.1

bind-chrootenv-9.9.9P1-49.1

bind-doc-9.9.9P1-49.1

bind-libs-9.9.9P1-49.1

bind-libs-32bit-9.9.9P1-49.1

bind-utils-9.9.9P1-49.1

SUSE Linux Enterprise Server 12 SP2

bind-9.9.9P1-49.1

bind-chrootenv-9.9.9P1-49.1

bind-doc-9.9.9P1-49.1

bind-libs-9.9.9P1-49.1

bind-libs-32bit-9.9.9P1-49.1

bind-utils-9.9.9P1-49.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1

bind-9.9.9P1-49.1

bind-chrootenv-9.9.9P1-49.1

bind-doc-9.9.9P1-49.1

bind-libs-9.9.9P1-49.1

bind-libs-32bit-9.9.9P1-49.1

bind-utils-9.9.9P1-49.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

bind-9.9.9P1-49.1

bind-chrootenv-9.9.9P1-49.1

bind-doc-9.9.9P1-49.1

bind-libs-9.9.9P1-49.1

bind-libs-32bit-9.9.9P1-49.1

bind-utils-9.9.9P1-49.1

SUSE Linux Enterprise Software Development Kit 12 SP1

bind-devel-9.9.9P1-49.1

SUSE Linux Enterprise Software Development Kit 12 SP2

bind-devel-9.9.9P1-49.1

Ссылки

https://www.suse.com/support/update/announcement/2016/suse-su-20162697-1/
Link for SUSE-SU-2016:2697-1
https://lists.suse.com/pipermail/sle-security-updates/2016-November/002385.html
E-Mail link for SUSE-SU-2016:2697-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1007829
SUSE Bug 1007829
https://bugzilla.suse.com/965748
SUSE Bug 965748
https://www.suse.com/security/cve/CVE-2016-8864/
SUSE CVE CVE-2016-8864 page

Описание

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP1:bind-libs-32bit-9.9.9P1-49.1

SUSE Linux Enterprise Desktop 12 SP1:bind-libs-9.9.9P1-49.1

SUSE Linux Enterprise Desktop 12 SP1:bind-utils-9.9.9P1-49.1

SUSE Linux Enterprise Desktop 12 SP2:bind-libs-32bit-9.9.9P1-49.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-8864.html
CVE-2016-8864
https://bugzilla.suse.com/1007829
SUSE Bug 1007829
https://bugzilla.suse.com/1018700
SUSE Bug 1018700
https://bugzilla.suse.com/1018701
SUSE Bug 1018701
https://bugzilla.suse.com/1018702
SUSE Bug 1018702
https://bugzilla.suse.com/1020526
SUSE Bug 1020526
https://bugzilla.suse.com/1024130
SUSE Bug 1024130
https://bugzilla.suse.com/1033466
SUSE Bug 1033466

SUSE-SU-2016:2697-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1

SUSE Linux Enterprise Desktop 12 SP2

SUSE Linux Enterprise Server 12 SP1

SUSE Linux Enterprise Server 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Software Development Kit 12 SP1

SUSE Linux Enterprise Software Development Kit 12 SP2

Ссылки

Уязвимость: CVE-2016-8864

Описание

Затронутые продукты

Ссылки