[v3.0] bind: denial-of-service vector issues (CVE-2015-5722, CVE-2015-5986)

Please be advised that ISC publicly announced two critical
vulnerabilities in BIND:

+ CVE-2015-5722 is a denial-of-service vector which can be
  exploited remotely against a BIND server that is performing
  validation on DNSSEC-signed records. All versions of BIND since
  9.0.0 are vulnerable.
  https://kb.isc.org/article/AA-01287
+ CVE-2015-5986 is a denial-of-service vector which can be used
  against a BIND server that is performing recursion and (under
  limited conditions) an authoritative-only nameserver.
  Versions of BIND since 9.9.7 and 9.10.2 are vulnerable.
  https://kb.isc.org/article/AA-01291

New releases of BIND, including security fixes for these
vulnerabilities, are available:

ftp://ftp.isc.org/isc/bind9/9.10.3rc1/RELEASE-NOTES.bind-9.10.3rc1.html
ftp://ftp.isc.org/isc/bind9/9.9.8rc1/RELEASE-NOTES.bind-9.9.8rc1.html
ftp://ftp.isc.org/isc/bind9/9.10.2-P4/RELEASE-NOTES.bind-9.10.2-P4.html
ftp://ftp.isc.org/isc/bind9/9.9.7-P3/RELEASE-NOTES.bind-9.9.7-P3.html

Reference:
(from redmine: issue id 4608, created on 2015-09-03, closed on 2015-09-10)
- Relations:
- parent #4606 (closed)
- Changesets:
- Revision c6febbad by Natanael Copa on 2015-09-09T14:28:14Z:
main/bind: security upgrade to 9.10.2_p4 (CVE-2015-5722,CVE-2015-5986)
fixes #4608