[security-announce] bind 9.9.5: Security update

Sona Sarmadi sona.sarmadi at enea.com
Fri Jul 31 11:50:17 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory
=========================================================
Product/package: bind 9.9.5
Severity: High
CVE Name: CVE-2015-5477  TKEY query handling flaw leading
          to denial of service
=========================================================
This security patch fixes a flaw in the way BIND handled
requests for TKEY in the Enea Linux 4.0 GA release.

Signed patch and README files
================================
0023-bind9.9.5-CVE-2015-5477.patch
0023-bind9.9.5-CVE-2015-5477.patch.sig
0023-bind9.9.5-CVE-2015-5477.READMAE.asc

Description
===========
An error in the handling of TKEY queries can be exploited by
an attacker for use as a denial-of-service vector, as a
constructed packet can use the defect to trigger a REQUIRE
assertion failure, causing BIND to exit.

References:
==========
https://kb.isc.org/article/AA-01272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477

How to apply the patches
=======================
Make sure that you have an installation of Enea Linux and
have applied the existing patches in the right order.

wget https://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

 - Fetch, verify and apply the new patch
wget https://linux.enea.com/4.0/patches/\
0023-bind9.9.5-CVE-2015-5477.patch
wget https://linux.enea.com/4.0/patches/\
0023-bind9.9.5-CVE-2015-5477.patch.sig
gpg --verify 0023-bind9.9.5-CVE-2015-5477.patch.sig
patch -p1 < ./0023-bind9.9.5-CVE-2015-5477.patch

If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
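
The verify and apply steps from the advisory, gated so that the patch is applied only when the signature check succeeds and a dry run is clean. This is an added example, not part of the Enea advisory; the function name verify_and_apply and its arguments are assumptions, and it assumes the Enea signing key is already imported into the local GnuPG keyring.

```shell
#!/bin/sh
# Added example (not from the advisory): refuse to patch unless gpg accepts
# the detached signature. Function name and return codes are assumptions.
#
# Usage, from Enea-Linux-4.0/poky/ after fetching both files:
#   verify_and_apply 0023-bind9.9.5-CVE-2015-5477.patch \
#                    0023-bind9.9.5-CVE-2015-5477.patch.sig .
#
# Return codes: 0 applied, 1 signature rejected, 2 file missing,
#               3 patch does not apply cleanly.
verify_and_apply() {
    patch_file=$1
    sig_file=$2
    target_dir=${3:-.}

    [ -r "$patch_file" ] || { echo "missing patch: $patch_file" >&2; return 2; }
    [ -r "$sig_file" ]   || { echo "missing signature: $sig_file" >&2; return 2; }

    # Pass both files so gpg checks this signature against this exact patch
    # instead of guessing the data file from the .sig name.
    # Note: gpg exits 0 for a good signature from any key in the keyring, so
    # the keyring must hold only keys you accept as patch signers.
    if ! gpg --verify "$sig_file" "$patch_file"; then
        echo "signature check failed, patch not applied" >&2
        return 1
    fi

    # Dry run first: a patch that does not fit (for example because earlier
    # patches were skipped or applied out of order) leaves the tree untouched.
    if ! patch -d "$target_dir" -p1 --dry-run < "$patch_file" >/dev/null; then
        echo "patch does not apply cleanly to $target_dir" >&2
        return 3
    fi

    patch -d "$target_dir" -p1 < "$patch_file"
}
```

Pasting the advisory's commands as a block runs `patch` even when `gpg --verify` fails; the function stops at the first failed check instead.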


