Advisories ยป MGASA-2015-0341

Updated bind packages fix security vulnerabilities

Publication date: 08 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-5722 , CVE-2015-5986

Description

Updated bind packages fix security vulnerability:

Parsing a malformed DNSSEC key can cause a validating resolver to exit due to
a failed assertion in buffer.c.  It is possible for a remote attacker to
deliberately trigger this condition, for example by using a query which
requires a response from a zone containing a deliberately malformed key
(CVE-2015-5722).

An incorrect boundary check in openpgpkey_61.c can cause named to terminate
due to a REQUIRE assertion failure.  This defect can be deliberately exploited
by an attacker who can provide a maliciously constructed response in answer to
a query (CVE-2015-5986).
                

References

SRPMS

4/core

5/core