Project

General

Profile

Bug #5242

bind: Multiple issues (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)

Added by Alicha CH about 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Start date:
03/10/2016
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:

Description

CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c

Versions affected:

9.2.0 > 9.8.8, 9.9.0>9.9.8-P3, 9.9.3-S1->9.9.8-S5, 9.10.0->9.10.3-P3

Solution:

Upgrade to the patched release most closely related to your current version of BIND.

BIND 9 version 9.9.8-P4
BIND 9 version 9.10.3-P4

CVE-2016-1286: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c

Versions affected:

9.0.0 -> 9.8.8, 9.9.0 -> 9.9.8-P3, 9.9.3-S1 -> 9.9.8-S5, 9.10.0 -> 9.10.3-P3

Solution:

Re-configure and re-build BIND without enabling cookie support or upgrade to the patched release most closely related to your current version of BIND.

BIND 9 version 9.10.3-P4

CVE-2016-2088: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure.

Versions affected:

9.10.0 -> 9.10.3-P3

Solution:

Re-configure and re-build BIND without enabling cookie support or upgrade to the patched release most closely related
to your current version of BIND.

BIND 9 version 9.10.3-P4

References:

https://kb.isc.org/article/AA-01352
https://kb.isc.org/article/AA-01353
https://kb.isc.org/article/AA-01351


Subtasks

Bug #5243: [3.4] bind: Multiple issues (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)ClosedNatanael Copa

Bug #5244: [3.3] bind: Multiple issues (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)ClosedNatanael Copa

Bug #5245: [3.2] bind: Multiple issues (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)ClosedNatanael Copa

Bug #5246: [3.1] bind: Multiple issues (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)ClosedNatanael Copa

Bug #5247: [3.0] bind: Multiple issues (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)ClosedNatanael Copa

Associated revisions

Revision 8b571b68 (diff)
Added by Leonardo Arena about 3 years ago

main/bind: security upgrade to 9.10.3_p4 (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088). Fixes #5242

History

#1 Updated by Anonymous about 3 years ago

  • Status changed from New to Resolved
  • % Done changed from 60 to 100

#2 Updated by Alicha CH about 3 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF