[security-announce] bind 9.9.5: Security Update: CVE-2015-8704

Sona Sarmadi sona.sarmadi at enea.com
Tue Jan 26 09:19:04 CET 2016


	Enea Linux Security Advisory

=========================================================
Product/package: bind 9.9.5
Severity: Critical
CVE Names: CVE-2015-8704
Layer: poky
=========================================================

This security update fixes a flaw in which a buffer size check used to
guard against overflow could cause named to exit with an INSIST failure
in apl_42.c.

A server could exit due to an INSIST failure in apl_42.c when
performing certain string formatting operations.

Description:
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before
9.10.3-P2 allows remote attackers to cause a denial of service
(REQUIRE assertion failure and daemon exit) via a malformed class
attribute.


References:
https://kb.isc.org/article/AA-01335
https://kb.isc.org/article/AA-00913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
https://bugzilla.redhat.com/attachment.cgi?id=1115781

Upstream patch reference:
Backport from bind 9.9.8: [ea75187b4a656477f1f50ecc407e3352614a06f8]

Correction for Enea Linux 5.0:
http://git.enea.com/cgit/linux/poky.git/patch/?id=36009b0af396f7a0920d5508e67cf58ff955478e

How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new
security patches.

cd Enea-Linux-5.0/poky
git pull

 - If you have not yet cloned the needed repositories, clone them as
described below. (All patches are fetched implicitly when cloning the repos.)

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-openembedded.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy git://git.enea.com/linux/meta-enea/meta-vt.git
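
After the pull or clone, the following check confirms that the poky checkout really contains the correction. It is an added example, not part of the original advisory: the function names has_fix and report_fix and the exit codes are choices made here, and the commit id is the one in the "Correction for Enea Linux 5.0" link.

```shell
#!/bin/sh
# Added example: verify that a checkout contains the fix commit.
# Usage: sh check_fix.sh Enea-Linux-5.0/poky [commit-id]

# Commit id from the advisory's "Correction for Enea Linux 5.0" link.
FIX_COMMIT=36009b0af396f7a0920d5508e67cf58ff955478e

# has_fix REPO [COMMIT]
# Returns 0 if COMMIT is in the history of HEAD,
#         1 if COMMIT is present locally but HEAD does not descend from it,
#         2 if COMMIT is not in the repository at all (not fetched yet),
#         3 if REPO is not a git repository.
has_fix() {
    repo=$1
    commit=${2:-$FIX_COMMIT}
    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 || return 3
    # cat-file -e with ^{commit} fails unless the object exists and is a commit.
    git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null || return 2
    if git -C "$repo" merge-base --is-ancestor "$commit" HEAD 2>/dev/null; then
        return 0
    fi
    return 1
}

# Human-readable wrapper around has_fix; passes its exit status through.
report_fix() {
    has_fix "$@"
    rc=$?
    case $rc in
        0) echo "OK: correction is in the history of HEAD" ;;
        1) echo "MISSING: commit is fetched but not on the checked-out branch" ;;
        2) echo "MISSING: commit is not in this repository; run git pull" ;;
        *) echo "ERROR: $1 is not a git repository" ;;
    esac
    return $rc
}

if [ "$#" -gt 0 ]; then
    report_fix "$@"
fi
```

A result of 1 usually means a different branch or an older tag is checked out, so a rebuild from that tree would still ship the unpatched bind recipe.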


If you have any questions regarding the security patches and security
updates, please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com


