Description
Security update for bind
This update for bind fixes the following issues:
Fix two assertion failures that can lead to a remote denial of service attack:
- CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072)
- CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073)
This update was imported from the SUSE:SLE-12-SP1:Update update project.
Package list
openSUSE Leap 42.1
References
- E-Mail link for openSUSE-SU-2016:0859-1
- SUSE Security Ratings
Description
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
Affected products
References
- CVE-2016-1285
- SUSE Bug 970072
- SUSE Bug 978322
- SUSE Bug 981200
Description
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
Affected products
References
- CVE-2016-1286
- SUSE Bug 970073
- SUSE Bug 978322
- SUSE Bug 981200