[security-announce] bind 9.9.5: Security Update

Sona Sarmadi sona.sarmadi at enea.com
Mon Dec 21 11:59:15 CET 2015



		Enea Linux Security Advisory

=========================================================
Product/package: bind 9.9.5
Severity: Critical
CVE Names: CVE-2015-8000
Responses with a malformed class attribute can trigger
an assertion failure in db.c
Layer: poky
=========================================================

This security update fixes a denial of service in BIND.

Description:

   An error in the parsing of incoming responses allows some records
   with an incorrect class to be accepted by BIND instead of
   being rejected as malformed.  This can trigger a REQUIRE assertion
   failure when those records are subsequently cached. Intentional
   exploitation of this condition is possible and could be used as
   a denial-of-service vector against servers performing recursive
   queries.

Impact:

   An attacker who can cause a server to request a record with a
   malformed class attribute can use this bug to trigger a REQUIRE
   assertion in db.c, causing named to exit and denying service to
   clients.  The risk to recursive servers is high. Authoritative
   servers are at limited risk if they perform authentication when
   making recursive queries to resolve addresses for servers listed
   in NS RRSETs.

References:
http://www.openwall.com/lists/oss-security/2015/12/15/14
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
https://bugzilla.redhat.com/attachment.cgi?id=1105581


Upstream patches:
https://bugzilla.redhat.com/attachment.cgi?id=1105581

Correction for Enea Linux 5.0:
http://git.enea.com/cgit/linux/poky.git/patch/?id=143136f7c830a5beb149f05886d2a649a29fca7a

How to get the latest patches
=============================
- If you have already cloned meta-enea, update it to get new
security patches.

cd Enea-Linux-5.0/poky
git pull

- If you have not yet cloned the needed repositories, do so as described
below. (All patches are fetched implicitly when cloning the repos.)

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-openembedded.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
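
Added example, not part of the Enea advisory: a shell check that a poky checkout updated as described under "How to get the latest patches" really contains the correction, using the commit id from the "Correction for Enea Linux 5.0" link. The function name has_fix and the fallback on a commit message that names the CVE id are assumptions of this example.

```shell
#!/bin/sh
# Added example; has_fix is a hypothetical helper, not an Enea tool.
# FIX_COMMIT is the id from the "Correction for Enea Linux 5.0" link.
FIX_COMMIT=143136f7c830a5beb149f05886d2a649a29fca7a
CVE_ID=CVE-2015-8000

# has_fix REPO [COMMIT] [CVE]
# Prints how the fix was found and returns:
#   0  "commit"       COMMIT is an ancestor of the checked-out HEAD
#   0  "log-mention"  a commit on HEAD names CVE (weaker evidence; assumes
#                     the backport's commit message mentions the CVE id,
#                     e.g. after a cherry-pick that changed the hash)
#   1  "missing"      neither was found; the tree still needs updating
#   2  "not-a-repo"   REPO is not a git work tree
has_fix() {
    repo=$1 commit=${2:-$FIX_COMMIT} cve=${3:-$CVE_ID}

    git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1 || {
        echo "not-a-repo"; return 2; }

    # The object must exist locally AND be reachable from HEAD: a commit
    # that was fetched but sits on another branch is not in the build.
    if git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null &&
       git -C "$repo" merge-base --is-ancestor "$commit" HEAD 2>/dev/null; then
        echo "commit"; return 0
    fi

    # Fallback for rebased or cherry-picked history.
    if [ -n "$(git -C "$repo" log -1 --format=%H --fixed-strings \
                   --grep="$cve" HEAD 2>/dev/null)" ]; then
        echo "log-mention"; return 0
    fi

    echo "missing"; return 1
}

# Run directly, e.g.: sh check_fix.sh Enea-Linux-5.0/poky
if [ "$#" -gt 0 ]; then has_fix "$@"; fi
```

A "log-mention" result should be confirmed by reading the matching commit, since a revert would also name the CVE.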