Updated bind packages fix security vulnerability
Publication date: 10 Mar 2016Modification date: 10 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1285 , CVE-2016-1286 , CVE-2016-2088
Description
In ISC BIND before 9.10.3-P4, an error parsing input received by the rndc
control channel can cause an assertion failure in sexpr.c or alist.c
(CVE-2016-1285).
In ISC BIND before 9.10.3-P4, a problem parsing resource record signatures
for DNAME resource records can lead to an assertion failure in resolver.c
or db.c (CVE-2016-1286).
In ISC BIND before 9.10.3-P4, A response containing multiple DNS cookies
causes servers with cookie support enabled to exit with an assertion
failure in resolver.c (CVE-2016-2088).
References
- https://bugs.mageia.org/show_bug.cgi?id=17935
- https://kb.isc.org/article/AA-01351
- https://kb.isc.org/article/AA-01352
- https://kb.isc.org/article/AA-01353
- https://kb.isc.org/article/AA-01363
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2088
SRPMS
5/core
- bind-9.10.3.P4-1.mga5