Updated bind packages fix security vulnerabilities
Publication date: 08 Sep 2015
Modification date: 08 Sep 2015
Type: security
Affected Mageia releases: 4, 5
CVE: CVE-2015-5722, CVE-2015-5986
Description
Updated bind packages fix security vulnerabilities:
Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from a zone containing a deliberately malformed key (CVE-2015-5722).
An incorrect boundary check in openpgpkey_61.c can cause named to terminate due to a REQUIRE assertion failure. This defect can be deliberately exploited by an attacker who can provide a maliciously constructed response in answer to a query (CVE-2015-5986).
References
- https://bugs.mageia.org/show_bug.cgi?id=16695
- https://kb.isc.org/article/AA-01287
- https://kb.isc.org/article/AA-01291
- https://kb.isc.org/article/AA-01300
- https://kb.isc.org/article/AA-01301
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5986
SRPMS
4/core
- bind-9.9.7.P3-1.mga4
5/core
- bind-9.10.2.P4-1.mga5