Advisories ยป MGASA-2016-0332

Updated bind packages fix security vulnerability

Publication date: 04 Oct 2016
Modification date: 04 Oct 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2775 , CVE-2016-2776

Description

The lwresd component in BIND (which is not enabled by default) could crash
while processing an overlong request name. This could lead to a denial of
service (CVE-2016-2775).

A crafted query could crash the BIND name server daemon, leading to a
denial of service. All server roles (authoritative, recursive and
forwarding) in default configurations are affected (CVE-2016-2776).

A conflict between the bind and bind-doc packages has also been fixed
(mga#10880).
                

References

SRPMS

5/core