Advisories » MGASA-2015-0481

Updated bind packages fix security vulnerability

Publication date: 20 Dec 2015
Modification date: 21 Dec 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8000

Description

An error in the parsing of incoming responses allows some records with
an incorrect class to be accepted by BIND instead of being rejected as
malformed. This can trigger a REQUIRE assertion failure when those
records are subsequently cached. Intentional exploitation of this
condition is possible and could be used as a denial-of-service vector
against servers performing recursive queries (CVE-2015-8000).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17339
• https://kb.isc.org/article/AA-01317
• https://kb.isc.org/article/AA-01317
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000

SRPMS

5/core

• bind-9.10.3.P2-1.mga5