[security-announce] bind9.9.5: Security update

Sona Sarmadi sona.sarmadi at enea.com
Thu Jul 30 17:02:32 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: e2fsprogs 1.42.9
Severity: High
CVE Name: CVE-2015-5477  TKEY query handling flaw leading
          to denial of service
=========================================================
This security patch fixes a flaw in the way BIND handled
requests for TKEY.

Signed patch and README files
================================
0023-bind9.9.5-CVE-2015-5477.patch
0023-bind9.9.5-CVE-2015-5477.patch.sig
0023-bind9.9.5-CVE-2015-5477.READMAE.asc

Description
===========
An error in the handling of TKEY queries can be exploited by
an attacker for use as a denial-of-service vector, as a
constructed packet can use the defect to trigger a REQUIRE
assertion failure, causing BIND to exit.

Reference
==========
https://kb.isc.org/article/AA-01272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477

How to apply the patches
=======================
 - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order.

wget https://linux.enea.com/5.0-beta-m400/Enea-Linux-5.0-beta-m400.tar.gz
tar zxf Enea-Linux-5.0-beta-m400.tar.gz
cd Enea-Linux-5.0-beta-m400/poky
<Fetch and apply the existing patches >

 - Fetch, verify and apply the new patch
wget https://linux.enea.com/5.0-beta-m400/patches/\
0023-bind9.9.5-CVE-2015-5477.patch
wget https://linux.enea.com/5.0-beta-m400/patches/\
0023-bind9.9.5-CVE-2015-5477.patch.sig
gpg --verify 0023-bind9.9.5-CVE-2015-5477.patch.sig
patch -p1 < ./0023-bind9.9.5-CVE-2015-5477.patch

If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----
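
The "Fetch, verify and apply" steps above run gpg and patch one after the other, so the patch is applied even when verification fails. The following is an added example, not part of the advisory or of Enea's tooling, that applies the patch only when gpg reports a valid signature from the expected key. EXPECTED_FPR is a placeholder, the sample status lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: apply the patch only if gpg reports a valid signature
# made by the expected key. Not part of the advisory or of Enea's tooling.
PATCH=0023-bind9.9.5-CVE-2015-5477.patch   # file name from the advisory
# Placeholder (assumption): signing-key fingerprint obtained out of band.
EXPECTED_FPR=0000000000000000000000000000000000000000

# Constructed samples of "gpg --status-fd 1 --verify" output, not real data.
SAMPLE_GOOD="[GNUPG:] GOODSIG 0000000000000000 Constructed Signer
[GNUPG:] VALIDSIG $EXPECTED_FPR 2015-07-30 1438268552 0 4 0 1 8 00 $EXPECTED_FPR"
# Signature verifies cryptographically, but the signing key has expired.
SAMPLE_EXPIRED="[GNUPG:] EXPKEYSIG 0000000000000000 Constructed Signer
[GNUPG:] VALIDSIG $EXPECTED_FPR 2015-07-30 1438268552 0 4 0 1 8 00 $EXPECTED_FPR"

# signer_trusted STATUS_TEXT FINGERPRINT
# Succeeds only when the status text has a VALIDSIG line for FINGERPRINT
# (signing key or primary key) and no bad/expired/revoked indication.
signer_trusted() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # Appending "" forces string comparison; all-digit or "1E5"-style
        # fingerprints would otherwise be compared as numbers.
        $2 == "VALIDSIG" && (($3 "") == (want "") || ($NF "") == (want "")) { good = 1 }
        END { exit !(good && !bad) }'
}

# Verify the detached signature, then dry-run and apply the patch.
verify_and_apply() {
    status=$(gpg --status-fd 1 --verify "$PATCH.sig" "$PATCH" 2>/dev/null) || true
    if signer_trusted "$status" "$EXPECTED_FPR"; then
        # Check that the patch applies cleanly before touching the tree.
        patch -p1 --dry-run < "$PATCH" >/dev/null && patch -p1 < "$PATCH"
    else
        echo "refusing to apply $PATCH: no valid signature from $EXPECTED_FPR" >&2
        return 1
    fi
}

if [ "${1:-}" = apply ]; then verify_and_apply; fi
```

Run it from the poky directory with the argument "apply" after fetching the patch and its .sig file.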
