Advisories » MGASA-2015-0298

Updated bind package fixes security vulnerability

Publication date: 31 Jul 2015
Modification date: 31 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-5477

Description

An error in the handling of TKEY queries can be exploited by an attacker
for use as a denial-of-service vector, as a constructed packet can use the
defect to trigger a REQUIRE assertion failure, causing BIND to exit
(CVE-2015-5477).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16496
• https://kb.isc.org/article/AA-01272
• https://kb.isc.org/article/AA-01279
• https://kb.isc.org/article/AA-01280
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477

SRPMS

5/core

• bind-9.10.2.P3-1.mga5

4/core

• bind-9.9.7.P2-1.mga4