Updated bind packages fix security vulnerability
Publication date: 04 Oct 2016Modification date: 04 Oct 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2775 , CVE-2016-2776
Description
The lwresd component in BIND (which is not enabled by default) could crash
while processing an overlong request name. This could lead to a denial of
service (CVE-2016-2775).
A crafted query could crash the BIND name server daemon, leading to a
denial of service. All server roles (authoritative, recursive and
forwarding) in default configurations are affected (CVE-2016-2776).
A conflict between the bind and bind-doc packages has also been fixed
(mga#10880).
References
- https://bugs.mageia.org/show_bug.cgi?id=18983
- https://kb.isc.org/article/AA-01393
- https://kb.isc.org/article/AA-01419
- https://www.debian.org/security/2016/dsa-3680
- https://bugs.mageia.org/show_bug.cgi?id=10880
- https://bugs.mageia.org/show_bug.cgi?id=18983
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776
SRPMS
5/core
- bind-9.10.3.P4-1.1.mga5