Date: Wed, 9 Mar 2016 14:02:46 -0600 (CST) From: "Jeremy C. Reed" <security-officer@....org> To: oss-security@...ts.openwall.com cc: security-officer@....org Subject: ISC BIND vulnerabilities are now public (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088) Please be advised that ISC announced security advisories for vulnerabilities in ISC BIND. CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c. All versions since 9.2.0 are affected. https://kb.isc.org/article/AA-01352 CVE-2016-1286: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c. All versions since 9.0.0 are affected. https://kb.isc.org/article/AA-01353 CVE-2016-2088: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure in resolver.c. This affects the 9.10.x versions. https://kb.isc.org/article/AA-01351 Jeremy C. Reed ISC Security Officer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ