[security-announce] Security Update: bind: CVE-2015-8461

Sona Sarmadi sona.sarmadi at enea.com
Fri Apr 8 08:24:41 CEST 2016


	Enea Linux Security Advisory

=========================================================
Product/package: bind 9.9.5/ Enea Linux 5.0
Severity: Medium
CVE Name: CVE-2015-8461
Layer: meta
=========================================================

This security update fixes a race condition when handling socket errors
can lead to an assertion failure in resolver.c

Description:
Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2
and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of
service (INSIST assertion failure and daemon exit) via unspecified vectors.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8461

Reference to upstream patch:
Patch is backported from:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/patch
/?id=12cdd6d2b3a6d351ea09799be38e6ddd4c041c17

Correction for Enea Linux 5.0:
http://git.enea.com/cgit/linux/poky.git/patch/?id=e66b2b84a498f4da17a300a1ee01262aeb09af35

How to get the latest patches
=============================
- If you have already cloned needed repositories, update it to get new
security patches.

cd Enea-Linux-5.0/poky
git pull

- If you have not yet cloned needed repositories, do it as described
below. (All patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20160408/f70a4dfe/attachment.sig>


More information about the security-announce mailing list