Advisories ยป MGASA-2016-0107

Updated bind packages fix security vulnerability

Publication date: 10 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1285 , CVE-2016-1286 , CVE-2016-2088

Description

In ISC BIND before 9.10.3-P4, an error parsing input received by the rndc
control channel can cause an assertion failure in sexpr.c or alist.c
(CVE-2016-1285).

In ISC BIND before 9.10.3-P4, a problem parsing resource record signatures
for DNAME resource records can lead to an assertion failure in resolver.c
or db.c (CVE-2016-1286).

In ISC BIND before 9.10.3-P4, A response containing multiple DNS cookies
causes servers with cookie support enabled to exit with an assertion
failure in resolver.c (CVE-2016-2088).
                

References

SRPMS

5/core