Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 9 Mar 2016 14:02:46 -0600 (CST)
From: "Jeremy C. Reed" <security-officer@....org>
To: oss-security@...ts.openwall.com
cc: security-officer@....org
Subject: ISC BIND vulnerabilities are now public (CVE-2016-1285,  CVE-2016-1286,
 CVE-2016-2088)

Please be advised that ISC announced security advisories for
vulnerabilities in ISC BIND.

CVE-2016-1285: An error parsing input received by the rndc control
channel can cause an assertion failure in sexpr.c or alist.c. All
versions since 9.2.0 are affected.
https://kb.isc.org/article/AA-01352

CVE-2016-1286: A problem parsing resource record signatures for
DNAME resource records can lead to an assertion failure in resolver.c
or db.c. All versions since 9.0.0 are affected.
https://kb.isc.org/article/AA-01353

CVE-2016-2088: A response containing multiple DNS cookies causes
servers with cookie support enabled to exit with an assertion
failure in resolver.c. This affects the 9.10.x versions.
https://kb.isc.org/article/AA-01351



Jeremy C. Reed
ISC Security Officer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ