Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:0113-1

Опубликовано: 11 янв. 2017
Источник: suse-cvrf

Описание

Security update for bind

This update for bind fixes the following issues:

  • Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699]

  • Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699]

  • Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699]

  • Fixed ldapdump to use a temporary pseudo nameserver that conforms to BIND's expected syntax. Prior versions would not work correctly with an LDAP backed DNS server. [bsc#965748]

Список пакетов

SUSE Linux Enterprise Server 12-LTSS
bind-9.9.9P1-28.26.1
bind-chrootenv-9.9.9P1-28.26.1
bind-doc-9.9.9P1-28.26.1
bind-libs-9.9.9P1-28.26.1
bind-libs-32bit-9.9.9P1-28.26.1
bind-utils-9.9.9P1-28.26.1
SUSE Linux Enterprise Server for SAP Applications 12
bind-9.9.9P1-28.26.1
bind-chrootenv-9.9.9P1-28.26.1
bind-doc-9.9.9P1-28.26.1
bind-libs-9.9.9P1-28.26.1
bind-libs-32bit-9.9.9P1-28.26.1
bind-utils-9.9.9P1-28.26.1

Ссылки

Описание

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:bind-9.9.9P1-28.26.1
SUSE Linux Enterprise Server 12-LTSS:bind-chrootenv-9.9.9P1-28.26.1
SUSE Linux Enterprise Server 12-LTSS:bind-doc-9.9.9P1-28.26.1
SUSE Linux Enterprise Server 12-LTSS:bind-libs-32bit-9.9.9P1-28.26.1
Ссылки

Описание

named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:bind-9.9.9P1-28.26.1
SUSE Linux Enterprise Server 12-LTSS:bind-chrootenv-9.9.9P1-28.26.1
SUSE Linux Enterprise Server 12-LTSS:bind-doc-9.9.9P1-28.26.1
SUSE Linux Enterprise Server 12-LTSS:bind-libs-32bit-9.9.9P1-28.26.1
Ссылки

Описание

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:bind-9.9.9P1-28.26.1
SUSE Linux Enterprise Server 12-LTSS:bind-chrootenv-9.9.9P1-28.26.1
SUSE Linux Enterprise Server 12-LTSS:bind-doc-9.9.9P1-28.26.1
SUSE Linux Enterprise Server 12-LTSS:bind-libs-32bit-9.9.9P1-28.26.1
Ссылки